From 2a35667777841f7ea1ef2912963962f04955f9e6 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Thu, 31 Jul 2008 17:14:55 -0400 Subject: [PATCH] bump to version 0.90 and ensure we're parallel installable with 0.9 This is the first move towards 1.0; also - kill the config file - merge libpolkit and libpolkit-dbus Now to write a system daemon that libpolkit will use for the backend. Expect HEAD to be broken for a few weeks at least. Also see http://ometer.com/parallel.html for what "parallel installable" means. As a result, all the binaries, man pages, .policy file dir and so forth have been renamed too. I expect the API to change a bit. So some (not much though) porting to PolicyKit 1.0 will be required by current users. --- Makefile.am | 2 +- README | 28 +- configure.in | 35 +- data/Makefile.am | 25 +- data/PolicyKit.conf.in | 9 - data/config.dtd | 18 - ...esktop.PolicyKit.AuthenticationAgent1.xml} | 2 +- data/polkit-1.pc.in | 12 + data/polkit-dbus.pc.in | 11 - data/{polkit.in => polkit-grant-1.in} | 0 data/polkit-grant-1.pc.in | 11 + data/polkit-grant.pc.in | 11 - data/polkit.pc.in | 11 - doc/Makefile.am | 22 +- doc/man/Makefile.am | 20 +- doc/man/PolicyKit.conf.xml | 388 --------- doc/man/PolicyKit.xml | 23 +- doc/man/polkit-action.xml | 23 +- doc/man/polkit-auth.xml | 29 +- doc/man/polkit-config-file-validate.xml | 96 --- doc/man/polkit-policy-file-validate.xml | 26 +- doc/polkit-docs.xml | 2 +- policy/Makefile.am | 6 +- src/Makefile.am | 2 +- src/polkit-dbus/Makefile.am | 125 --- src/polkit-dbus/polkit-dbus-test.c | 63 -- src/polkit-dbus/polkit-dbus-test.h | 47 -- src/polkit-grant/Makefile.am | 76 +- .../polkit-authorization-db-write.c | 10 +- .../polkit-explicit-grant-helper.c | 4 +- src/polkit-grant/polkit-grant-helper-pam.c | 2 +- src/polkit-grant/polkit-grant-helper.c | 103 +-- src/polkit-grant/polkit-grant.c | 4 +- src/polkit-grant/polkit-revoke-helper.c | 16 +- src/polkit/Makefile.am | 104 ++- src/polkit/polkit-authorization-db.c | 29 +- src/polkit/polkit-config.c | 786 ------------------ src/polkit/polkit-config.h | 91 -- src/polkit/polkit-context.c | 205 +---- src/polkit/polkit-context.h | 3 - src/polkit/polkit-policy-cache.c | 4 +- src/polkit/polkit-policy-file-entry.c | 4 +- .../polkit-read-auth-helper.c | 12 +- .../polkit-resolve-exe-helper.c | 4 +- .../polkit-set-default-helper.c | 12 +- src/{polkit-dbus => polkit}/polkit-simple.c | 2 - src/{polkit-dbus => polkit}/polkit-simple.h | 6 +- src/polkit/polkit-sysdeps.c | 2 +- src/polkit/polkit-test.c | 1 - src/polkit/polkit-test.h | 1 - .../polkit-dbus.c => polkit/polkit-tracker.c} | 50 +- .../polkit-dbus.h => polkit/polkit-tracker.h} | 30 +- src/polkit/polkit.h | 3 +- .../lib/{PolicyKit => polkit-1}/.gitignore | 0 .../run/{PolicyKit => polkit-1}/.gitignore | 0 tools/Makefile.am | 19 +- tools/polkit-auth.c | 2 +- ...pletion.sh => polkit-bash-completion-1.sh} | 26 +- tools/polkit-config-file-validate.c | 100 --- 59 files changed, 386 insertions(+), 2372 deletions(-) delete mode 100644 data/PolicyKit.conf.in delete mode 100644 data/config.dtd rename data/{org.freedesktop.PolicyKit.AuthenticationAgent.xml => org.freedesktop.PolicyKit.AuthenticationAgent1.xml} (99%) create mode 100644 data/polkit-1.pc.in delete mode 100644 data/polkit-dbus.pc.in rename data/{polkit.in => polkit-grant-1.in} (100%) create mode 100644 data/polkit-grant-1.pc.in delete mode 100644 data/polkit-grant.pc.in delete mode 100644 data/polkit.pc.in delete mode 100644 doc/man/PolicyKit.conf.xml delete mode 100644 doc/man/polkit-config-file-validate.xml delete mode 100644 src/polkit-dbus/Makefile.am delete mode 100644 src/polkit-dbus/polkit-dbus-test.c delete mode 100644 src/polkit-dbus/polkit-dbus-test.h delete mode 100644 src/polkit/polkit-config.c delete mode 100644 src/polkit/polkit-config.h rename src/{polkit-dbus => polkit}/polkit-read-auth-helper.c (97%) rename src/{polkit-dbus => polkit}/polkit-resolve-exe-helper.c (98%) rename src/{polkit-dbus => polkit}/polkit-set-default-helper.c (92%) rename src/{polkit-dbus => polkit}/polkit-simple.c (99%) rename src/{polkit-dbus => polkit}/polkit-simple.h (93%) rename src/{polkit-dbus/polkit-dbus.c => polkit/polkit-tracker.c} (99%) rename src/{polkit-dbus/polkit-dbus.h => polkit/polkit-tracker.h} (85%) rename test/authdb-test/lib/{PolicyKit => polkit-1}/.gitignore (100%) rename test/authdb-test/run/{PolicyKit => polkit-1}/.gitignore (100%) rename tools/{polkit-bash-completion.sh => polkit-bash-completion-1.sh} (83%) delete mode 100644 tools/polkit-config-file-validate.c diff --git a/Makefile.am b/Makefile.am index bcc35c5..915d689 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ ## Process this file with automake to produce Makefile.in -SUBDIRS = data src polkitd doc tools policy po test +SUBDIRS = data src doc tools policy po test # Creating ChangeLog from git log (taken from cairo/Makefile.am): ChangeLog: $(srcdir)/ChangeLog diff --git a/README b/README index 0e471d0..307df96 100644 --- a/README +++ b/README @@ -12,15 +12,15 @@ documentation, mailing lists, etc. Rationale for permissions/modes for the default backend ------------------------------------------------------- -0770 root:polkituser /var/run/PolicyKit -0770 root:polkituser /var/lib/PolicyKit +0770 root:polkituser /var/run/polkit-1 +0770 root:polkituser /var/lib/polkit-1 We store authorizations for each user here. Since we don't want users to know what authorizations other users has, no one can read these files. However, when checking authorizations we need to be able to read from here; we use this helper -2755 root:polkituser /usr/libexec/polkit-read-auth-helper +2755 root:polkituser /usr/libexec/polkit-read-auth-helper-1 which can read from here since it's setgid 'polkituser'. This helper will refuse to return authorizations for other users than the calling @@ -29,16 +29,16 @@ user except if the calling user is authorized for org.fd.pk.read. We also want to be able to grant authorizations through authentication. That happens with this helper -2755 root:polkituser /usr/libexec/polkit-grant-helper +2755 root:polkituser /usr/libexec/polkit-grant-helper-1 This program is setgid 'polkituser' so it can write files in -/var/{run,lib}/PolicyKit. Note that these files are created with mode +/var/{run,lib}/polkit-1. Note that these files are created with mode 464. To do the actual authentication check when granting authorizations -through authentication, polkit-grant-helper uses another helper +through authentication, polkit-grant-helper-1 uses another helper -4754 root:polkituser /usr/libexec/polkit-grant-helper-pam +4754 root:polkituser /usr/libexec/polkit-grant-helper-pam-1 This one is setuid root because checking authentications might need require that (you may be checking the root password). The reason @@ -48,33 +48,33 @@ can do this. Which polkit-grant-helper is. On to -2755 root:polkituser /libexec/polkit-revoke-helper +2755 root:polkituser /libexec/polkit-revoke-helper-1 This one is used to revoke authorizations. It will only allow uid 0 and users with the org.fd.pk.revoke authorization to do so. It needs to be setgid polkituser to be able to modify authorization files -in /var/{run,lib}/PolicyKit. +in /var/{run,lib}/polkit-1. -2755 root:polkituser /usr/libexec/polkit-explicit-grant-helper +2755 root:polkituser /usr/libexec/polkit-explicit-grant-helper-1 Same story as for polkit-revoke-helper only this grants authorizations. Only allowed for uid 0 and users with the org.fd.pk.grant authorization. On to -0755 polkituser:root /var/lib/PolicyKit-public +0755 polkituser:root /var/lib/polkit-public-1 This is where we store modifications to the defaults. Anyone should be able to read these files. They are created with mode 644. These files are written / modified by this helper -4755 polkituser:root /usr/libexec/polkit-set-default-helper +4755 polkituser:root /usr/libexec/polkit-set-default-helper-1 which is setuid polkituser to be able to write/modify files. On to -4755 root:root /usr/libexec/polkit-resolve-exe-helper +4755 root:root /usr/libexec/polkit-resolve-exe-helper-1 This is used to find the executable name for a process. On Linux this is the /proc//exe symlink and you can only do this for processes you @@ -83,7 +83,7 @@ you but only if you have the org.fd.pk.read authorization. This is important to let e.g. user 'haldaemon' check authorizations for a user requesting service. -0664 polkituser:polkituser /var/lib/misc/PolicyKit.reload +0664 polkituser:polkituser /var/lib/misc/polkit-1.reload This file is used by libpolkit to detect when something has changed (authorizations granted/revoked, defaults changed etc.). It is diff --git a/configure.in b/configure.in index 9876f5c..128289c 100644 --- a/configure.in +++ b/configure.in @@ -1,8 +1,8 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.59c) -AC_INIT(PolicyKit, 0.9, http://lists.freedesktop.org/mailman/listinfo/polkit-devel) -AM_INIT_AUTOMAKE(PolicyKit, 0.9) +AC_INIT(PolicyKit, 0.90, http://lists.freedesktop.org/mailman/listinfo/polkit-devel) +AM_INIT_AUTOMAKE(PolicyKit, 0.90) AM_CONFIG_HEADER(config.h) AM_MAINTAINER_MODE @@ -10,7 +10,7 @@ AM_MAINTAINER_MODE # # See http://sources.redhat.com/autobook/autobook/autobook_91.html#SEC91 for details # -LT_CURRENT=2 +LT_CURRENT=1 LT_REVISION=0 LT_AGE=0 AC_SUBST(LT_CURRENT) @@ -560,16 +560,13 @@ AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[gettext domain]) AC_OUTPUT([ Makefile data/Makefile -data/polkit -data/polkit.pc -data/polkit-dbus.pc -data/polkit-grant.pc +data/polkit-grant-1 +data/polkit-1.pc +data/polkit-grant-1.pc src/Makefile src/kit/Makefile src/polkit/Makefile -src/polkit-dbus/Makefile src/polkit-grant/Makefile -polkitd/Makefile tools/Makefile doc/Makefile doc/version.xml @@ -641,36 +638,36 @@ if test "${POLKIT_AUTHDB}" = default ; then echo "NOTE: Remember to create user ${POLKIT_USER} and group ${POLKIT_GROUP}" echo " before 'make install'" echo - echo "NOTE: The directories ${localstatedir}/run/PolicyKit and ${localstatedir}/lib/PolicyKit will be" + echo "NOTE: The directories ${localstatedir}/run/polkit-1 and ${localstatedir}/lib/polkit-1 will be" echo " owned by group ${POLKIT_GROUP} and will be mode 770." echo - echo "NOTE: The directory ${localstatedir}/lib/PolicyKit-public will be" + echo "NOTE: The directory ${localstatedir}/lib/polkit-public-1 will be" echo " owned by user ${POLKIT_USER} and will be mode 755." echo - echo "NOTE: The file ${localstatedir}/lib/misc/PolicyKit.reload will be" + echo "NOTE: The file ${localstatedir}/lib/misc/polkit-1.reload will be" echo " owned by user ${POLKIT_USER} and group ${POLKIT_GROUP} and will be mode 664." echo - echo "NOTE: ${libexecdir}/polkit-set-default-helper will be owned by" + echo "NOTE: ${libexecdir}/polkit-set-default-helper-1 will be owned by" echo " user ${POLKIT_USER} and installed with mode 4755 (setuid binary)." echo - echo "NOTE: ${libexecdir}/polkit-read-auth-helper will be owned by" + echo "NOTE: ${libexecdir}/polkit-read-auth-helper-1 will be owned by" echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)." echo - echo "NOTE: ${libexecdir}/polkit-revoke-helper will be owned by" + echo "NOTE: ${libexecdir}/polkit-revoke-helper-1 will be owned by" echo " group '${POLKIT_GROUP} and installed with mode 2755 (setgid binary)." echo - echo "NOTE: ${libexecdir}/polkit-grant-helper will be owned by" + echo "NOTE: ${libexecdir}/polkit-grant-helper-1 will be owned by" echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)." echo - echo "NOTE: ${libexecdir}/polkit-explicit-grant-helper will be owned by" + echo "NOTE: ${libexecdir}/polkit-explicit-grant-helper-1 will be owned by" echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)." echo - echo "NOTE: ${libexecdir}/polkit-grant-helper-pam will be owned by group" + echo "NOTE: ${libexecdir}/polkit-grant-helper-pam-1 will be owned by group" echo " ${POLKIT_GROUP} and installed with mode 4754 (setuid root binary)." fi echo -echo "NOTE: ${libexecdir}/polkit-resolve-exe-helper will be installed with" +echo "NOTE: ${libexecdir}/polkit-resolve-exe-helper-1 will be installed with" echo " mode 4755 (setuid root binary)." echo echo "NOTE: For packaging, remember to retain the modes and ownership." diff --git a/data/Makefile.am b/data/Makefile.am index 8b91bc3..3625609 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -4,33 +4,18 @@ # if POLKIT_AUTHFW_PAM pamdir = $(sysconfdir)/pam.d -pam_DATA = polkit +pam_DATA = polkit-grant-1 endif pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = polkit.pc polkit-dbus.pc polkit-grant.pc - -confdir = $(sysconfdir)/PolicyKit -conf_DATA = PolicyKit.conf - -dtddir = $(datadir)/PolicyKit -dtd_DATA = config.dtd +pkgconfig_DATA = polkit-1.pc polkit-grant-1.pc dbusifdir = $(datadir)/dbus-1/interfaces -dbusif_DATA = org.freedesktop.PolicyKit.AuthenticationAgent.xml +dbusif_DATA = org.freedesktop.PolicyKit.AuthenticationAgent1.xml -DISTCLEANFILES = polkit.pc polkit-dbus.pc polkit-grant.pc PolicyKit.conf +DISTCLEANFILES = polkit-1.pc polkit-grant-1.pc -EXTRA_DIST = polkit.in polkit.pc.in polkit-dbus.pc.in polkit-grant.pc.in PolicyKit.conf.in config.dtd org.freedesktop.PolicyKit.AuthenticationAgent.xml +EXTRA_DIST = polkit-grant-1.in polkit-1.pc.in polkit-grant-1.pc.in org.freedesktop.PolicyKit.AuthenticationAgent1.xml clean-local : rm -f *~ - -PolicyKit.conf: PolicyKit.conf.in Makefile - $(edit) $< >$@ - -edit = sed \ - -e 's|@docdir[@]|$(docdir)|g' \ - -e 's|@sbindir[@]|$(sbindir)|g' \ - -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ - -e 's|@datadir[@]|$(datadir)|g' diff --git a/data/PolicyKit.conf.in b/data/PolicyKit.conf.in deleted file mode 100644 index 581dd9c..0000000 --- a/data/PolicyKit.conf.in +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - diff --git a/data/config.dtd b/data/config.dtd deleted file mode 100644 index 64358e9..0000000 --- a/data/config.dtd +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - - diff --git a/data/org.freedesktop.PolicyKit.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit.AuthenticationAgent1.xml similarity index 99% rename from data/org.freedesktop.PolicyKit.AuthenticationAgent.xml rename to data/org.freedesktop.PolicyKit.AuthenticationAgent1.xml index 9101d19..bf692aa 100644 --- a/data/org.freedesktop.PolicyKit.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit.AuthenticationAgent1.xml @@ -4,7 +4,7 @@ - + diff --git a/data/polkit-1.pc.in b/data/polkit-1.pc.in new file mode 100644 index 0000000..5bc073c --- /dev/null +++ b/data/polkit-1.pc.in @@ -0,0 +1,12 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +policydir=@datarootdir@/polkit-1/policy/ +actiondir=@datarootdir@/polkit-1/policy/ + +Name: polkit +Description: Authorization API +Version: @VERSION@ +Libs: -L${libdir} -lpolkit-1 +Cflags: -I${includedir}/polkit-1 diff --git a/data/polkit-dbus.pc.in b/data/polkit-dbus.pc.in deleted file mode 100644 index db8b554..0000000 --- a/data/polkit-dbus.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-dbus -Description: helper library for obtaining seat, session and caller information via D-Bus and ConsoleKit -Version: @VERSION@ -Requires: polkit dbus-1 -Libs: -L${libdir} -lpolkit-dbus -Cflags: -I${includedir}/PolicyKit diff --git a/data/polkit.in b/data/polkit-grant-1.in similarity index 100% rename from data/polkit.in rename to data/polkit-grant-1.in diff --git a/data/polkit-grant-1.pc.in b/data/polkit-grant-1.pc.in new file mode 100644 index 0000000..5d75382 --- /dev/null +++ b/data/polkit-grant-1.pc.in @@ -0,0 +1,11 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: polkit-grant-1 +Description: Library for obtaining authorizations through authentication +Version: @VERSION@ +Requires: polkit-1 +Libs: -L${libdir} -lpolkit-grant-1 +Cflags: -I${includedir}/polkit-1 diff --git a/data/polkit-grant.pc.in b/data/polkit-grant.pc.in deleted file mode 100644 index 6055f72..0000000 --- a/data/polkit-grant.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-grant -Description: library for obtaining privileges via PolicyKit -Version: @VERSION@ -Requires: glib-2.0 polkit -Libs: -L${libdir} -lpolkit-grant -Cflags: -I${includedir}/PolicyKit diff --git a/data/polkit.pc.in b/data/polkit.pc.in deleted file mode 100644 index cf94447..0000000 --- a/data/polkit.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ -policydir=@datarootdir@/PolicyKit/policy/ - -Name: polkit -Description: library for querying system-wide policy -Version: @VERSION@ -Libs: -L${libdir} -lpolkit -Cflags: -I${includedir}/PolicyKit diff --git a/doc/Makefile.am b/doc/Makefile.am index d395b71..4064815 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -7,7 +7,7 @@ NULL = AUTOMAKE_OPTIONS = 1.7 # The name of the module. -DOC_MODULE=polkit +DOC_MODULE=polkit-1 # The top-level SGML file. DOC_MAIN_SGML_FILE=polkit-docs.xml @@ -51,17 +51,15 @@ MKDB_OPTIONS=--sgml-mode --output-format=xml MKTMPL_OPTIONS= # Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE) -content_files = \ - version.xml \ - man/PolicyKit.xml \ - man/PolicyKit.conf.xml \ - man/polkit-auth.xml \ - man/polkit-action.xml \ - man/polkit-policy-file-validate.xml \ - man/polkit-config-file-validate.xml \ - spec/polkit-spec-configuration.xml \ - spec/polkit-spec-introduction.xml \ - spec/polkit-spec-model.xml \ +content_files = \ + version.xml \ + man/PolicyKit.xml \ + man/polkit-auth.xml \ + man/polkit-action.xml \ + man/polkit-policy-file-validate.xml \ + spec/polkit-spec-configuration.xml \ + spec/polkit-spec-introduction.xml \ + spec/polkit-spec-model.xml \ $(NULL) # Images to copy into HTML directory diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am index 51db9b6..76c53f3 100644 --- a/doc/man/Makefile.am +++ b/doc/man/Makefile.am @@ -1,23 +1,19 @@ if MAN_PAGES_ENABLED -man_MANS = polkit-auth.1 \ - polkit-action.1 \ - polkit-config-file-validate.1 \ - polkit-policy-file-validate.1 \ - PolicyKit.conf.5 \ - PolicyKit.8 +man_MANS = polkit-auth-1.1 \ + polkit-action-1.1 \ + polkit-policy-file-validate-1.1 \ + PolicyKit-1.8 -%.1 %.5 %.8 : %.xml +%-1.1 %-1.8 : %.xml $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< endif # MAN_PAGES_ENABLED -EXTRA_DIST= PolicyKit.conf.xml \ - PolicyKit.xml \ - polkit-config-file-validate.xml \ - polkit-auth.xml \ - polkit-action.xml \ +EXTRA_DIST= PolicyKit.xml \ + polkit-auth.xml \ + polkit-action.xml \ polkit-policy-file-validate.xml clean-local: diff --git a/doc/man/PolicyKit.conf.xml b/doc/man/PolicyKit.conf.xml deleted file mode 100644 index 52ddbdd..0000000 --- a/doc/man/PolicyKit.conf.xml +++ /dev/null @@ -1,388 +0,0 @@ - - - PolicyKit.conf - August 2007 - PolicyKit - - - - PolicyKit.conf - 5 - - - - - PolicyKit.conf - PolicyKit configuration file - - - DESCRIPTION - - The /etc/PolicyKit/PolicyKit.conf - configuration file provides a way for system administrators to - override policy for mechanisms that use the PolicyKit library to - determine whether a caller is allowed to use the mechanism. - - - - Changes to this configuration file are immediately propagated to - running processes using the PolicyKit library. If the - configuration file is invalid, processes using this library will - log this fact to the system logger and the library will only - only return no as the answer to processes - using it. - - - - The polkit-config-file-validate1 - tool can be used to verify that the configuration file is - valid. - - - - - FILE FORMAT - - The configuration file is an XML document. It must have the - following doctype declaration: - - - - -]]> - - - - The following elements may be present in the configuration file: - - - - config - - This is the root element. A single - attribute version must be present and - must be set to "0.1" at this point. There can only be one - config element in the configuration file. - - - - - match - - This element is for matching information related to the - decision making process and includes values describing both - the caller and the action. This element can be embedded in - both config and - other match elements (hence allowing for - nested matching). - - - There can only be a single attribute in - each match element and POSIX Extended - Regular Expression syntax are supported in the value part. The - following attributes are supported: - - - - - user - - - This matches on the users login name. - - - - - - action - - - For matching on the given action being queried for, for - example - action="org.foo.*" will match - on all actions whose action identifier begins with - the string "org.foo.". - - - - - - - - - return - - This element is for used to specify what result the PolicyKit - library will return. It can only be embedded in - config and match - elements and can embed no elements - itself. The return element is - typically used deeply inside a number - of match elements. A single attribute, - result is supported and it can assume - the following values: - - - - - no - - - Access denied. - - - - - - auth_self - - - Access denied, but authentication of the caller as - himself will grant access to only that caller. - - - - - - auth_self_keep_session - - - Access denied, but authentication of the caller as - himself will grant access to any caller in the - session of the caller belongs to. - - - - - - auth_self_keep_always - - - Access denied, but authentication of the caller as - himself will grant access any caller with the given - uid in the future. - - - - - - auth_admin - - - Access denied, but authentication of the caller as - an administrative user will grant access to only - that caller. - - - - - - auth_admin_keep_session - - - Access denied, but authentication of the caller as - an administrative user will grant access to any caller - in the session of the caller belongs to. - - - - - - auth_admin_keep_always - - - Access denied, but authentication of the caller as - an administrative user will grant access any caller - with the given uid in the future. - - - - - - yes - - - Access granted. - - - - - - - - - define_admin_auth - - This element is used to specify the meaning of - "authenticate as administrator". It - is normally used at the top-level but can also be used - deep inside a number of - match elements for conditional - behavior. - - - - There can only be a single attribute in - each define_admin_auth element. POSIX - Extended Regular Expression syntax - is not supported in the value part, - however multiple values to match on can be separated with - the bar (|) character. The following attributes are - supported: - - - - - user - - - Administrator authentication means authenticate as - the given user(s). If - no define_admin_auth element is - given, the default is to - use user="root" - e.g. administrator authentication mean authenticate - as the super user. - - - - - - group - - - Administrator authentication means that any user in - the groups matching the given value can be used to - authenticate. Typically, on a system with the root - account disabled one wants to use something like - group="wheel" to e.g. enable - all UNIX users in the UNIX group - wheel to be able to - authentication whenever administrator authentication - is required. - - - - - - - - - - - EXAMPLES - - For brevity, the standard XML and DOCTYPE headers as well as - the top-level config are omitted in the - following configuration file examples. The actions used may - also be fictional, - use polkit-action1, - to learn about the actions available on your system. - - - - ALLOW EVERYTHING - - The users "davidz" and "bateman" are allowed to do any - action: - - - - - -]]> - - - - - MOUNTING FIXED DRIVES - - Suppose the - action org.freedesktop.hal.storage.mount-fixed - is used to determine whether mounting internal hard drives - are allowed. Then this configuration file - - - - - - - - - - - -]]> - - - specifies that user "davidz" is always allowed to do the - action, while user "freddy" is never allowed to do the - action. Other users will be subject to the defaults - results specified in the .policy file - describing the action. - - - - - AVOIDING THE ROOT PASSWORD - - Suppose the group wheel contains the - users on a system who are allowed to carry out administrative - tasks (ie. tasks that would usually require the root password) - on a system where the root account is disabled. Then - - - -]]> - - - can be used to specify that users in said group can - authenticate using their own password in instances where the - system would normally prompt for the root password. - - - - - - - AUTHOR - - Written by David Zeuthen david@fubar.dk with - a lot of help from many others. - - - - - BUGS - - Please send bug reports to either the distribution or the - hal mailing list, - see . - to subscribe. - - - - - SEE ALSO - - - PolicyKit8 - , - - polkit-config-file-validate1 - , - - polkit-action1 - , - - polkit-auth1 - - - - diff --git a/doc/man/PolicyKit.xml b/doc/man/PolicyKit.xml index 23b11d6..071f0b3 100644 --- a/doc/man/PolicyKit.xml +++ b/doc/man/PolicyKit.xml @@ -1,19 +1,19 @@ - + - PolicyKit + PolicyKit-1 August 2007 - PolicyKit + PolicyKit-1 - PolicyKit + PolicyKit-1 8 - PolicyKit - Centralized policy management + PolicyKit-1 + Authorization API DESCRIPTION @@ -42,8 +42,8 @@ BUGS Please send bug reports to either the distribution or the - hal mailing list, - see . + polkit-devel mailing list, + see . to subscribe. @@ -52,13 +52,10 @@ SEE ALSO - PolicyKit.conf5 + polkit-action-11 , - polkit-action1 - , - - polkit-auth1 + polkit-auth-11 diff --git a/doc/man/polkit-action.xml b/doc/man/polkit-action.xml index 3d1cc29..629d7ea 100644 --- a/doc/man/polkit-action.xml +++ b/doc/man/polkit-action.xml @@ -1,24 +1,24 @@ - + - polkit-action + polkit-action-1 August 2007 - PolicyKit + PolicyKit-1 - polkit-action + polkit-action-1 1 - polkit-action + polkit-action-1 List and modify registered PolicyKit actions - polkit-action + polkit-action-1 @@ -33,7 +33,7 @@ DESCRIPTION - polkit-action is used to list and modify the PolicyKit actions + polkit-action-1 is used to list and modify the PolicyKit actions that are registered on the system. @@ -174,8 +174,8 @@ BUGS Please send bug reports to either the distribution or the - hal mailing list, - see . + polkit-devel mailing list, + see . to subscribe. @@ -187,10 +187,7 @@ PolicyKit8 , - PolicyKit.conf5 - , - - polkit-auth1 + polkit-auth-11 diff --git a/doc/man/polkit-auth.xml b/doc/man/polkit-auth.xml index 8a4735f..bea49f5 100644 --- a/doc/man/polkit-auth.xml +++ b/doc/man/polkit-auth.xml @@ -1,24 +1,24 @@ - + - polkit-auth + polkit-auth-1 August 2007 - PolicyKit + PolicyKit-1 - polkit-auth + polkit-auth-1 1 - polkit-auth + polkit-auth-1 Manage authorizations - polkit-auth + polkit-auth-1 @@ -34,7 +34,7 @@ DESCRIPTION - polkit-auth is used to inspect, obtain, grant and revoke + polkit-auth-1 is used to inspect, obtain, grant and revoke PolicyKit authorizations. If invoked without any options, the authorizations of the calling process will be printed. @@ -73,7 +73,7 @@ POLKIT_AUTH_FORCE_TEXT is set. If the environment variable POLKIT_AUTH_GRANT_TO_PID is set, the authorization will be granted to that process id instead of the invoking process - (e.g. the shell from which polkit-auth is launched). + (e.g. the shell from which polkit-auth-1 is launched). @@ -308,7 +308,7 @@ bash1 - shell. For completion to properly work for polkit-auth, + shell. For completion to properly work for polkit-auth-1, arguments should be entered in the order specified in this manual page; for example. should be specified before to complete only on @@ -323,8 +323,8 @@ BUGS Please send bug reports to either the distribution or the - hal mailing list, - see . + polkit-devel mailing list, + see . to subscribe. @@ -333,13 +333,10 @@ SEE ALSO - PolicyKit8 + PolicyKit-18 , - PolicyKit.conf5 - , - - polkit-action1 + polkit-action-11 diff --git a/doc/man/polkit-config-file-validate.xml b/doc/man/polkit-config-file-validate.xml deleted file mode 100644 index a9bbb80..0000000 --- a/doc/man/polkit-config-file-validate.xml +++ /dev/null @@ -1,96 +0,0 @@ - - - polkit-config-file-validate - August 2007 - PolicyKit - - - - polkit-config-file-validate - 1 - - - - - polkit-config-file-validate - Validate a PolicyKit configuration file - - - - - polkit-config-file-validate [/path/to/config/file] - - - - - - - DESCRIPTION - - polkit-config-file-validate is used to verify that a given - PolicyKit configuration file is valid. If no path to a - config file is given, the default - /etc/PolicyKit/PolicyKit.conf file - will be verified. - - - - The typical role of this tool is to verify a configuration - file before deploying it on one or more machines. - - - - This program exit with exit code 0 if the configuration file - is valid. If not, the program exits with a non-zero exit - code. - - - - - OPTIONS - - - - - - Show version and exit. - - - - - - - - - Show usage information and exit. - - - - - - - - BUGS - - Please send bug reports to either the distribution or the - hal mailing list, - see . - to subscribe. - - - - - SEE ALSO - - - PolicyKit8 - , - - PolicyKit.conf5 - , - - polkit-policy-file-validate1 - - - - diff --git a/doc/man/polkit-policy-file-validate.xml b/doc/man/polkit-policy-file-validate.xml index 7fb55f0..61a17e2 100644 --- a/doc/man/polkit-policy-file-validate.xml +++ b/doc/man/polkit-policy-file-validate.xml @@ -1,24 +1,24 @@ - + - polkit-policy-file-validate + polkit-policy-file-validate-1 August 2007 - PolicyKit + PolicyKit-1 - polkit-policy-file-validate + polkit-policy-file-validate-1 1 - polkit-policy-file-validate + polkit-policy-file-validate-1 Validate a PolicyKit policy file - polkit-policy-file-validate policy-files + polkit-policy-file-validate-1 policy-files @@ -27,7 +27,7 @@ DESCRIPTION - polkit-policy-file-validate is used to verify that one or + polkit-policy-file-validate-1 is used to verify that one or more PolicyKit .policy files are valid. @@ -72,8 +72,8 @@ BUGS Please send bug reports to either the distribution or the - hal mailing list, - see . + polkit-devel mailing list, + see . to subscribe. @@ -82,14 +82,8 @@ SEE ALSO - PolicyKit8 + PolicyKit-18 , - - PolicyKit.conf5 - , - - polkit-config-file-validate1 - diff --git a/doc/polkit-docs.xml b/doc/polkit-docs.xml index 5673bb3..91e0bec 100644 --- a/doc/polkit-docs.xml +++ b/doc/polkit-docs.xml @@ -91,7 +91,7 @@ - + diff --git a/policy/Makefile.am b/policy/Makefile.am index 96941d0..d062a8e 100644 --- a/policy/Makefile.am +++ b/policy/Makefile.am @@ -1,12 +1,12 @@ -polkit_policydir = $(datadir)/PolicyKit/policy +polkit_actiondir = $(datadir)/polkit-1/actions -dist_polkit_policy_DATA = org.freedesktop.policykit.policy +dist_polkit_action_DATA = org.freedesktop.policykit.policy @INTLTOOL_POLICY_RULE@ check: - $(top_builddir)/tools/polkit-policy-file-validate $(top_srcdir)/policy/$(dist_polkit_policy_DATA) + $(top_builddir)/tools/polkit-policy-file-validate-1 $(top_srcdir)/policy/$(dist_polkit_action_DATA) clean-local : rm -f *~ diff --git a/src/Makefile.am b/src/Makefile.am index 02554f1..5e2267f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = kit polkit polkit-dbus polkit-grant +SUBDIRS = kit polkit polkit-grant clean-local : rm -f *~ diff --git a/src/polkit-dbus/Makefile.am b/src/polkit-dbus/Makefile.am deleted file mode 100644 index 4166f98..0000000 --- a/src/polkit-dbus/Makefile.am +++ /dev/null @@ -1,125 +0,0 @@ -## Process this file with automake to produce Makefile.in - -INCLUDES = \ - -I$(top_builddir)/src -I$(top_srcdir)/src \ - -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ - -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ - -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ - -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ - -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ - -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ - -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \ - -DPOLKIT_COMPILATION \ - @DBUS_CFLAGS@ - -lib_LTLIBRARIES=libpolkit-dbus.la - -libpolkit_dbusincludedir=$(includedir)/PolicyKit/polkit-dbus - -libpolkit_dbusinclude_HEADERS = \ - polkit-dbus.h \ - polkit-simple.h - -libpolkit_dbus_la_SOURCES = \ - polkit-dbus.h polkit-dbus.c \ - polkit-simple.h polkit-simple.c - -libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(SELINUX_LIBS) - -if POLKIT_BUILD_TESTS -libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ -else -libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \ - -export-dynamic -no-undefined -export-symbols-regex '^polkit_.*' -endif - -libexec_PROGRAMS = polkit-resolve-exe-helper - -polkit_resolve_exe_helper_SOURCES = polkit-resolve-exe-helper.c -polkit_resolve_exe_helper_CFLAGS = @DBUS_CFLAGS@ -polkit_resolve_exe_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la - -if POLKIT_AUTHDB_DEFAULT -libexec_PROGRAMS += polkit-read-auth-helper polkit-set-default-helper - -polkit_read_auth_helper_SOURCES = polkit-read-auth-helper.c -polkit_read_auth_helper_CFLAGS = @DBUS_CFLAGS@ -polkit_read_auth_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la - -polkit_set_default_helper_SOURCES = polkit-set-default-helper.c -polkit_set_default_helper_CFLAGS = @DBUS_CFLAGS@ -polkit_set_default_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la - -# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able -# to read authorization files in /var/lib/PolicyKit and -# /var/run/PolicyKit -# -# polkit-set-default-helper needs to be setuid $POLKIT_USER to be able -# to write .defaults-override files in /var/lib/PolicyKit-public -# -# polkit-resolve-exe-helper needs to be setuid root to be able to resolve -# /proc/$pid/exe symlinks. -# -install-exec-hook: - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper - -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper - -chown $(POLKIT_USER) $(DESTDIR)$(libexecdir)/polkit-set-default-helper - -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-set-default-helper - -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper -else -install-exec-hook: - -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper -endif - - -## note that TESTS has special meaning (stuff to use in make check) -## so if adding tests not to be run in make check, don't add them to -## TESTS -if KIT_BUILD_TESTS -TESTS_ENVIRONMENT= -TESTS=polkit-dbus-test - -check_PROGRAMS=$(TESTS) - -polkit_dbus_test_SOURCES= \ - polkit-dbus-test.h polkit-dbus-test.c - -polkit_dbus_test_LDADD=$(top_builddir)/src/polkit-dbus/libpolkit-dbus.la -polkit_dbus_test_LDFLAGS= - -if KIT_GCOV_ENABLED -clean-gcov: - rm -f *.gcov .libs/*.gcda *.gcda - -.PHONY: coverage-report.txt covered-files.txt - -covered-files.txt : - echo $(addprefix src/polkit-dbus/,$(filter %.c,$(libpolkit_dbus_la_SOURCES))) > covered-files.txt -if POLKIT_AUTHDB_DEFAULT - echo src/polkit-dbus/polkit-read-auth-helper.c >> covered-files.txt -endif - -coverage-report.txt : covered-files.txt clean-gcov all check - gcov $(filter %.c,$(libpolkit_dbus_la_SOURCES)) -o .libs/ > /dev/null -if POLKIT_AUTHDB_DEFAULT - gcov polkit-read-auth-helper.c -o .libs/ > /dev/null -endif - $(top_srcdir)/test/create-coverage-report.sh "module polkit-dbus" `cat covered-files.txt` > coverage-report.txt - -check-coverage : coverage-report.txt - cat coverage-report.txt -else -coverage-report.txt: - @echo "Need to reconfigure with --enable-gcov" - -check-coverage: - @echo "Need to reconfigure with --enable-gcov" -endif - -else -TESTS= -endif - -clean-local : - rm -f *~ *.bb *.bbg *.da *.gcov .libs/*.da .libs/*.bbg diff --git a/src/polkit-dbus/polkit-dbus-test.c b/src/polkit-dbus/polkit-dbus-test.c deleted file mode 100644 index e5bde67..0000000 --- a/src/polkit-dbus/polkit-dbus-test.c +++ /dev/null @@ -1,63 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-dbus-test.c : polkit-dbus tests - * - * Copyright (C) 2007 David Zeuthen, - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - * - **************************************************************************/ - -#include -#include -#include -#include -#include - -#define MAX_TESTS 64 - -/** - * SECTION:polkit-dbus-test - * @short_description: Testing code for libpolkit-dbus - * - * Testing code for libpolkit-dbus - */ - -static KitTest *tests[] = { - &_test_polkit_dbus, -}; - -int -main (int argc, char *argv[]) -{ - /* Some of the code will log to syslog because .policy files - * etc. may be malformed. Since this will open a socket to the - * system logger preempt this so the fd-leak checking don't - * freak out. - */ - syslog (LOG_INFO, "libpolkit-dbus: initiating test; bogus alerts may be written to syslog"); - - if (kit_test_run (tests, sizeof (tests) / sizeof (KitTest*))) - return 0; - else - return 1; -} diff --git a/src/polkit-dbus/polkit-dbus-test.h b/src/polkit-dbus/polkit-dbus-test.h deleted file mode 100644 index 59e482d..0000000 --- a/src/polkit-dbus/polkit-dbus-test.h +++ /dev/null @@ -1,47 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-dbus-test.h : polkit-dbus tests - * - * Copyright (C) 2007 David Zeuthen, - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - * - **************************************************************************/ - -#if !defined (POLKIT_COMPILATION) -#error "polkit-dbus-test.h is a private file" -#endif - -#ifndef POLKIT_DBUS_TEST_H -#define POLKIT_DBUS_TEST_H - -#include - -POLKIT_BEGIN_DECLS - -extern KitTest _test_polkit_dbus; - -POLKIT_END_DECLS - -#endif /* POLKIT_DBUS_TEST_H */ - - diff --git a/src/polkit-grant/Makefile.am b/src/polkit-grant/Makefile.am index 18f9b6e..87c821b 100644 --- a/src/polkit-grant/Makefile.am +++ b/src/polkit-grant/Makefile.am @@ -13,32 +13,32 @@ INCLUDES = \ -DPOLKIT_COMPILATION \ @GLIB_CFLAGS@ @DBUS_CFLAGS@ -lib_LTLIBRARIES=libpolkit-grant.la +lib_LTLIBRARIES=libpolkit-grant-1.la -libpolkit_grantincludedir=$(includedir)/PolicyKit/polkit-grant +libpolkit_grant_1includedir=$(includedir)/polkit-1/polkit-grant -libpolkit_grantinclude_HEADERS = \ +libpolkit_grant_1include_HEADERS = \ polkit-grant.h -libpolkit_grant_la_SOURCES = \ +libpolkit_grant_1_la_SOURCES = \ polkit-grant.h polkit-grant.c if POLKIT_AUTHDB_DUMMY -libpolkit_grant_la_SOURCES += polkit-authorization-db-dummy-write.c +libpolkit_grant_1_la_SOURCES += polkit-authorization-db-dummy-write.c endif if POLKIT_AUTHDB_DEFAULT -libpolkit_grant_la_SOURCES += polkit-authorization-db-write.c +libpolkit_grant_1_la_SOURCES += polkit-authorization-db-write.c endif -libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la +libpolkit_grant_1_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la if POLKIT_BUILD_TESTS -libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ +libpolkit_grant_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ else -libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \ +libpolkit_grant_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \ -export-dynamic -no-undefined -export-symbols-regex '(^polkit_.*|_polkit_authorization_db_auth_file_add)' endif @@ -48,38 +48,38 @@ endif # adjust the PAM stuff in data/Makefile.am # if POLKIT_AUTHDB_DEFAULT -libexec_PROGRAMS = polkit-grant-helper +libexec_PROGRAMS = polkit-grant-helper-1 if POLKIT_AUTHFW_PAM -libexec_PROGRAMS += polkit-grant-helper-pam +libexec_PROGRAMS += polkit-grant-helper-pam-1 endif if POLKIT_AUTHFW_SHADOW -libexec_PROGRAMS += polkit-grant-helper-shadow +libexec_PROGRAMS += polkit-grant-helper-shadow-1 endif -libexec_PROGRAMS += polkit-explicit-grant-helper polkit-revoke-helper +libexec_PROGRAMS += polkit-explicit-grant-helper-1 polkit-revoke-helper-1 -polkit_grant_helper_SOURCES = polkit-grant-helper.c -polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la libpolkit-grant.la +polkit_grant_helper_1_SOURCES = polkit-grant-helper.c +polkit_grant_helper_1_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la libpolkit-grant-1.la if POLKIT_AUTHFW_PAM -polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c -polkit_grant_helper_pam_LDADD = @AUTH_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la +polkit_grant_helper_pam_1_SOURCES = polkit-grant-helper-pam.c +polkit_grant_helper_pam_1_LDADD = @AUTH_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la endif if POLKIT_AUTHFW_SHADOW -polkit_grant_helper_shadow_SOURCES = polkit-grant-helper-shadow.c -polkit_grant_helper_shadow_LDADD = @AUTH_LIBS@ +polkit_grant_helper_shadow_1_SOURCES = polkit-grant-helper-shadow.c +polkit_grant_helper_shadow_1_LDADD = @AUTH_LIBS@ endif -polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c -polkit_explicit_grant_helper_CFLAGS = @DBUS_CFLAGS@ -polkit_explicit_grant_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la libpolkit-grant.la +polkit_explicit_grant_helper_1_SOURCES = polkit-explicit-grant-helper.c +polkit_explicit_grant_helper_1_CFLAGS = @DBUS_CFLAGS@ +polkit_explicit_grant_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la libpolkit-grant-1.la -polkit_revoke_helper_SOURCES = polkit-revoke-helper.c -polkit_revoke_helper_CFLAGS = @DBUS_CFLAGS@ -polkit_revoke_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la +polkit_revoke_helper_1_SOURCES = polkit-revoke-helper.c +polkit_revoke_helper_1_CFLAGS = @DBUS_CFLAGS@ +polkit_revoke_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la # polkit-grant-helper needs to be setgid polkituser to be able to # write cookies to /var/lib/PolicyKit and /var/run/PolicyKit @@ -99,20 +99,20 @@ polkit_revoke_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/s # /var/run/PolicyKit # install-exec-hook: - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper - -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-1 + -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper-1 if POLKIT_AUTHFW_PAM - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam - -chmod 4754 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam-1 + -chmod 4754 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam-1 endif if POLKIT_AUTHFW_SHADOW - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow - -chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow-1 + -chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow-1 endif - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper - -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper - -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-revoke-helper + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper-1 + -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper-1 + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper-1 + -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-revoke-helper-1 endif ## note that TESTS has special meaning (stuff to use in make check) @@ -127,7 +127,7 @@ check_PROGRAMS=$(TESTS) polkit_grant_test_SOURCES= \ polkit-grant-test.h polkit-grant-test.c -polkit_grant_test_LDADD=$(top_builddir)/src/polkit-grant/libpolkit-grant.la +polkit_grant_test_LDADD=$(top_builddir)/src/polkit-grant/libpolkit-grant-1.la polkit_grant_test_LDFLAGS= if KIT_GCOV_ENABLED @@ -137,7 +137,7 @@ clean-gcov: .PHONY: coverage-report.txt covered-files.txt covered-files.txt : - echo $(addprefix src/polkit-grant/,$(filter %.c,$(libpolkit_grant_la_SOURCES))) > covered-files.txt + echo $(addprefix src/polkit-grant/,$(filter %.c,$(libpolkit_grant_1_la_SOURCES))) > covered-files.txt if POLKIT_AUTHDB_DEFAULT echo src/polkit-grant/polkit-explicit-grant-helper.c >> covered-files.txt echo src/polkit-grant/polkit-grant-helper.c >> covered-files.txt @@ -151,7 +151,7 @@ endif endif coverage-report.txt : covered-files.txt clean-gcov all check - gcov $(filter %.c,$(libpolkit_grant_la_SOURCES)) -o .libs/ > /dev/null + gcov $(filter %.c,$(libpolkit_grant_1_la_SOURCES)) -o .libs/ > /dev/null if POLKIT_AUTHDB_DEFAULT gcov polkit-explicit-grant-helper.c -o .libs/ > /dev/null gcov polkit-grant-helper.c -o .libs/ > /dev/null diff --git a/src/polkit-grant/polkit-authorization-db-write.c b/src/polkit-grant/polkit-authorization-db-write.c index 6aa8ce2..fec91a1 100644 --- a/src/polkit-grant/polkit-authorization-db-write.c +++ b/src/polkit-grant/polkit-authorization-db-write.c @@ -99,9 +99,9 @@ _polkit_authorization_db_auth_file_add (polkit_bool_t transient, uid_t uid, char char *newline = "\n"; if (transient) - root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit"; + root = PACKAGE_LOCALSTATE_DIR "/run/polkit-1"; else - root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit"; + root = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1"; ret = FALSE; path = NULL; @@ -202,9 +202,9 @@ _polkit_authorization_db_auth_file_add (polkit_bool_t transient, uid_t uid, char } /* trigger a reload */ - if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) { + if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", NULL) != 0) { g_warning ("Error updating access+modification time on file '%s': %m\n", - PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload"); + PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload"); } ret = TRUE; @@ -738,7 +738,7 @@ _grant_internal (PolKitAuthorizationDB *authdb, polkit_bool_t is_negative) { GError *g_error; - char *helper_argv[6] = {PACKAGE_LIBEXEC_DIR "/polkit-explicit-grant-helper", NULL, NULL, NULL, NULL, NULL}; + char *helper_argv[6] = {PACKAGE_LIBEXEC_DIR "/polkit-explicit-grant-helper-1", NULL, NULL, NULL, NULL, NULL}; gboolean ret; gint exit_status; char cbuf[1024]; diff --git a/src/polkit-grant/polkit-explicit-grant-helper.c b/src/polkit-grant/polkit-explicit-grant-helper.c index 2e83bde..5609912 100644 --- a/src/polkit-grant/polkit-explicit-grant-helper.c +++ b/src/polkit-grant/polkit-explicit-grant-helper.c @@ -49,7 +49,7 @@ #include #include -#include +#include #include #ifdef HAVE_SOLARIS @@ -75,7 +75,7 @@ main (int argc, char *argv[]) /* set a minimal environment */ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); - openlog ("polkit-explicit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-explicit-grant-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 5) { diff --git a/src/polkit-grant/polkit-grant-helper-pam.c b/src/polkit-grant/polkit-grant-helper-pam.c index d6f4677..2596595 100644 --- a/src/polkit-grant/polkit-grant-helper-pam.c +++ b/src/polkit-grant/polkit-grant-helper-pam.c @@ -80,7 +80,7 @@ main (int argc, char *argv[]) goto error; } - openlog ("polkit-grant-helper-pam", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-grant-helper-pam-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 1) { diff --git a/src/polkit-grant/polkit-grant-helper.c b/src/polkit-grant/polkit-grant-helper.c index cdfa710..ff4b03f 100644 --- a/src/polkit-grant/polkit-grant-helper.c +++ b/src/polkit-grant/polkit-grant-helper.c @@ -59,7 +59,7 @@ #include -#include +#include // #include #ifdef HAVE_SOLARIS @@ -151,7 +151,7 @@ * FAILURE on stdin. If FAILURE * is received, then die with exit * code 1. If SUCCESS, leave a cookie - * in /var/{lib,run}/PolicyKit indicating + * in /var/{lib,run}/polkit-1 indicating * the grant was successful and die with * exit code 0 * @@ -178,10 +178,10 @@ do_auth (const char *user_to_auth, gboolean *empty_conversation) int helper_stdout; GError *g_error; #ifdef POLKIT_AUTHFW_PAM - char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam", NULL}; + char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam-1", NULL}; #endif #ifdef POLKIT_AUTHFW_SHADOW - char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-shadow", NULL}; + char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-shadow-1", NULL}; #endif char buf[256]; FILE *child_stdin; @@ -330,98 +330,9 @@ verify_with_polkit (PolKitContext *pol_ctx, *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH || *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION || *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS) { - PolKitConfig *pk_config; - PolKitConfigAdminAuthType admin_auth_type; - const char *admin_auth_data; - - pk_config = polkit_context_get_config (pol_ctx, NULL); - /* if the configuration file is malformed, bail out */ - if (pk_config == NULL) - goto error; - - if (polkit_config_determine_admin_auth_type (pk_config, - action, - caller, - &admin_auth_type, - &admin_auth_data)) { -#ifdef PGH_DEBUG - fprintf (stderr, "polkit-grant-helper: admin_auth_type=%d data='%s'\n", admin_auth_type, admin_auth_data); -#endif /* PGH_DEBUG */ - switch (admin_auth_type) { - case POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER: - if (admin_auth_data != NULL) - *out_admin_users = g_strsplit (admin_auth_data, "|", 0); - break; - case POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP: - if (admin_auth_data != NULL) { - int n; - char **groups; - GSList *i; - GSList *users; - - - users = NULL; - groups = g_strsplit (admin_auth_data, "|", 0); - for (n = 0; groups[n] != NULL; n++) { - int m; - struct group *group; - - /* This is fine; we're a single-threaded app */ - if ((group = getgrnam (groups[n])) == NULL) - continue; - - for (m = 0; group->gr_mem[m] != NULL; m++) { - const char *user; - gboolean found; - - user = group->gr_mem[m]; - found = FALSE; - -#ifdef PGH_DEBUG - fprintf (stderr, "polkit-grant-helper: examining member '%s' of group '%s'\n", user, groups[n]); -#endif /* PGH_DEBUG */ - - /* skip user 'root' since he is often member of 'wheel' etc. */ - if (strcmp (user, "root") == 0) - continue; - /* TODO: we should probably only consider users with an uid - * in a given "safe" range, e.g. between 500 and 32000 or - * something like that... - */ - - for (i = users; i != NULL; i = g_slist_next (i)) { - if (strcmp (user, (const char *) i->data) == 0) { - found = TRUE; - break; - } - } - if (found) - continue; - -#ifdef PGH_DEBUG - fprintf (stderr, "polkit-grant-helper: added user '%s'\n", user); -#endif /* PGH_DEBUG */ - - users = g_slist_prepend (users, g_strdup (user)); - } - - } - g_strfreev (groups); - - users = g_slist_sort (users, (GCompareFunc) strcmp); - - *out_admin_users = g_new0 (char *, g_slist_length (users) + 1); - for (i = users, n = 0; i != NULL; i = g_slist_next (i)) { - (*out_admin_users)[n++] = i->data; - } - - g_slist_free (users); - } - break; - } - } + /* TODO: need to revisit this and return list of users that can auth */ + *out_admin_users = NULL; } - /* TODO: we should probably clean up */ @@ -571,7 +482,7 @@ main (int argc, char *argv[]) /* set a minimal environment */ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); - openlog ("polkit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-grant-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 3) { diff --git a/src/polkit-grant/polkit-grant.c b/src/polkit-grant/polkit-grant.c index c491b53..ad4c98f 100644 --- a/src/polkit-grant/polkit-grant.c +++ b/src/polkit-grant/polkit-grant.c @@ -495,8 +495,8 @@ polkit_grant_initiate_auth (PolKitGrant *polkit_grant, /* TODO: verify incoming args */ - /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper"; */ - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper"; + /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper-1"; */ + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-1"; helper_argv[1] = g_strdup_printf ("%d", pid); helper_argv[2] = action_id; helper_argv[3] = NULL; diff --git a/src/polkit-grant/polkit-revoke-helper.c b/src/polkit-grant/polkit-revoke-helper.c index 5f59856..3b79813 100644 --- a/src/polkit-grant/polkit-revoke-helper.c +++ b/src/polkit-grant/polkit-revoke-helper.c @@ -48,7 +48,7 @@ #include #include -#include +#include #include #ifdef HAVE_SOLARIS @@ -118,7 +118,7 @@ main (int argc, char *argv[]) setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); #endif - openlog ("polkit-revoke-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-revoke-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 4) { @@ -204,12 +204,12 @@ skip_check: if ((test_dir = getenv ("POLKIT_TEST_LOCALSTATE_DIR")) == NULL) { test_dir = PACKAGE_LOCALSTATE_DIR; } - kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/PolicyKit", test_dir) < sizeof (dir_run)); - kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/PolicyKit", test_dir) < sizeof (dir_lib)); + kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/polkit-1", test_dir) < sizeof (dir_run)); + kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/polkit-1", test_dir) < sizeof (dir_lib)); #else - char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit"; - char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit"; + char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/polkit-1"; + char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1"; #endif @@ -347,9 +347,9 @@ skip_check: goto no_reload; #endif /* trigger a reload */ - if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) { + if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", NULL) != 0) { fprintf (stderr, "Error updating access+modification time on file '%s': %m\n", - PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload"); + PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload"); } #ifdef POLKIT_BUILD_TESTS no_reload: diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 4c3d313..9c200a1 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -12,13 +12,15 @@ INCLUDES = \ -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \ -DPOLKIT_COMPILATION \ -DTEST_DATA_DIR=\"$(top_srcdir)/test/\" \ - -DTEST_BUILD_DIR=\"$(top_builddir)\" + -DTEST_BUILD_DIR=\"$(top_builddir)\" \ + @DBUS_CFLAGS@ -lib_LTLIBRARIES=libpolkit.la -libpolkitincludedir=$(includedir)/PolicyKit/polkit +lib_LTLIBRARIES=libpolkit-1.la -libpolkitinclude_HEADERS = \ +libpolkit_1includedir=$(includedir)/polkit-1/polkit + +libpolkit_1include_HEADERS = \ polkit.h \ polkit-sysdeps.h \ polkit-types.h \ @@ -33,12 +35,13 @@ libpolkitinclude_HEADERS = \ polkit-policy-file.h \ polkit-policy-cache.h \ polkit-policy-default.h \ - polkit-config.h \ polkit-authorization.h \ polkit-authorization-constraint.h \ - polkit-authorization-db.h + polkit-authorization-db.h \ + polkit-tracker.h \ + polkit-simple.h -libpolkit_la_SOURCES = \ +libpolkit_1_la_SOURCES = \ polkit.h \ polkit-private.h \ polkit-types.h \ @@ -56,27 +59,28 @@ libpolkit_la_SOURCES = \ polkit-policy-default.h polkit-policy-default.c \ polkit-debug.h polkit-debug.c \ polkit-utils.h polkit-utils.c \ - polkit-config.h polkit-config.c \ polkit-authorization.h polkit-authorization.c \ polkit-authorization-constraint.h polkit-authorization-constraint.c \ - polkit-authorization-db.h + polkit-authorization-db.h \ + polkit-tracker.h polkit-tracker.c \ + polkit-simple.h polkit-simple.c if POLKIT_AUTHDB_DUMMY -libpolkit_la_SOURCES += \ +libpolkit_1_la_SOURCES += \ polkit-authorization-db-dummy.c endif if POLKIT_AUTHDB_DEFAULT -libpolkit_la_SOURCES += \ +libpolkit_1_la_SOURCES += \ polkit-authorization-db.c endif -libpolkit_la_LIBADD = @EXPAT_LIBS@ $(top_builddir)/src/kit/libkit.la +libpolkit_1_la_LIBADD = @DBUS_LIBS@ @EXPAT_LIBS@ $(top_builddir)/src/kit/libkit.la $(SELINUX_LIBS) if POLKIT_BUILD_TESTS -libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ +libpolkit_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ else -libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \ +libpolkit_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \ -export-dynamic -no-undefined -export-symbols-regex '(^polkit_.*|_pk_validate_unique_bus_name)' endif @@ -92,7 +96,7 @@ check_PROGRAMS=$(TESTS) polkit_test_SOURCES= \ polkit-test.h polkit-test.c -polkit_test_LDADD=$(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la +polkit_test_LDADD=$(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la polkit_test_LDFLAGS= if POLKIT_GCOV_ENABLED @@ -102,10 +106,10 @@ clean-gcov: .PHONY: coverage-report.txt covered-files.txt covered-files.txt : - echo $(addprefix src/polkit/,$(filter %.c,$(libpolkit_la_SOURCES))) > covered-files.txt + echo $(addprefix src/polkit/,$(filter %.c,$(libpolkit_1_la_SOURCES))) > covered-files.txt coverage-report.txt : covered-files.txt clean-gcov all check - gcov $(filter %.c,$(libpolkit_la_SOURCES)) -o .libs/ > /dev/null + gcov $(filter %.c,$(libpolkit_1_la_SOURCES)) -o .libs/ > /dev/null $(top_srcdir)/test/create-coverage-report.sh "module polkit" `cat covered-files.txt` > coverage-report.txt check-coverage : coverage-report.txt @@ -125,32 +129,66 @@ endif clean-local : rm -f *~ $(BUILT_SOURCES) *.bb *.bbg *.da *.gcov .libs/*.da .libs/*.bbg +libexec_PROGRAMS = polkit-resolve-exe-helper-1 + +polkit_resolve_exe_helper_1_SOURCES = polkit-resolve-exe-helper.c +polkit_resolve_exe_helper_1_CFLAGS = @DBUS_CFLAGS@ +polkit_resolve_exe_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la libpolkit-1.la + if POLKIT_AUTHDB_DEFAULT -# The directories /var/lib/PolicyKit and /var/run/PolicyKit is where +libexec_PROGRAMS += polkit-read-auth-helper-1 polkit-set-default-helper-1 + +polkit_read_auth_helper_1_SOURCES = polkit-read-auth-helper.c +polkit_read_auth_helper_1_CFLAGS = @DBUS_CFLAGS@ +polkit_read_auth_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la libpolkit-1.la + +polkit_set_default_helper_1_SOURCES = polkit-set-default-helper.c +polkit_set_default_helper_1_CFLAGS = @DBUS_CFLAGS@ +polkit_set_default_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la libpolkit-1.la + +# The directories /var/lib/polkit-1 and /var/run/polkit-1 is where # authorizations are stored. They must not be world readable (the # polkit-auth-read-helper is used to read it) and the $POLKIT_GROUP # group needs to be able to write files there. # -# The directory /var/lib/PolicyKit-public is used for storing world-readable +# The directory /var/lib/polkit-public-1 is used for storing world-readable # information. Only $POLKIT_USER may write to it. # -# The /var/lib/misc/PolicyKit.reload file is used for triggering that +# The /var/lib/misc/polkit-1.reload file is used for triggering that # authorizations have changed; it needs to be world readable and # writeable for user $POLKIT_USER and group $POLKIT_GROUP (FHS 2.3 suggests # that location) # -install-data-local: +# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able +# to read authorization files in /var/lib/polkit-1 and +# /var/run/polkit-1 +# +# polkit-set-default-helper needs to be setuid $POLKIT_USER to be able +# to write .defaults-override files in /var/lib/polkit-public-1 +# +# polkit-resolve-exe-helper needs to be setuid root to be able to resolve +# /proc/$pid/exe symlinks. +# +install-exec-hook: mkdir -p $(DESTDIR)$(localstatedir)/lib/misc - touch $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload - -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload - -chmod 664 $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload - mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit-public - mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit - mkdir -p $(DESTDIR)$(localstatedir)/run/PolicyKit - -chown $(POLKIT_USER) $(DESTDIR)$(localstatedir)/lib/PolicyKit-public - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit - -chmod 755 $(DESTDIR)$(localstatedir)/lib/PolicyKit-public - -chmod 770 $(DESTDIR)$(localstatedir)/lib/PolicyKit - -chmod 770 $(DESTDIR)$(localstatedir)/run/PolicyKit + touch $(DESTDIR)$(localstatedir)/lib/misc/polkit-1.reload + -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/polkit-1.reload + -chmod 664 $(DESTDIR)$(localstatedir)/lib/misc/polkit-1.reload + mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-public-1 + mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1 + mkdir -p $(DESTDIR)$(localstatedir)/run/polkit-1 + -chown $(POLKIT_USER) $(DESTDIR)$(localstatedir)/lib/polkit-public-1 + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/polkit-1 + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/polkit-1 + -chmod 755 $(DESTDIR)$(localstatedir)/lib/polkit-public-1 + -chmod 770 $(DESTDIR)$(localstatedir)/lib/polkit-1 + -chmod 770 $(DESTDIR)$(localstatedir)/run/polkit-1 + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper-1 + -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper-1 + -chown $(POLKIT_USER) $(DESTDIR)$(libexecdir)/polkit-set-default-helper-1 + -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-set-default-helper-1 + -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper-1 +else +install-exec-hook: + -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper endif diff --git a/src/polkit/polkit-authorization-db.c b/src/polkit/polkit-authorization-db.c index 1e339b6..37529a3 100644 --- a/src/polkit/polkit-authorization-db.c +++ b/src/polkit/polkit-authorization-db.c @@ -278,13 +278,13 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb, char helper_buf[256]; char *helper_bin_dir; if ((helper_bin_dir = getenv ("POLKIT_TEST_BUILD_DIR")) != NULL) { - kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit-dbus/polkit-read-auth-helper", helper_bin_dir) < sizeof (helper_buf)); + kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit/polkit-read-auth-helper-1", helper_bin_dir) < sizeof (helper_buf)); helper_argv[0] = helper_buf; } else { - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper"; + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper-1"; } #else - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper"; + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper-1"; #endif /* first, see if this is in the cache */ @@ -1042,13 +1042,13 @@ polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb, char helper_buf[256]; char *helper_bin_dir; if ((helper_bin_dir = getenv ("POLKIT_TEST_BUILD_DIR")) != NULL) { - kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit-grant/polkit-revoke-helper", helper_bin_dir) < sizeof (helper_buf)); + kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit-grant/polkit-revoke-helper-1", helper_bin_dir) < sizeof (helper_buf)); helper_argv[0] = helper_buf; } else { - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper"; + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper-1"; } #else - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper"; + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper-1"; #endif helper_argv[1] = (char *) auth_file_entry; @@ -1236,22 +1236,22 @@ _run_test (void) goto out; /* seed the authdb with known defaults */ - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/PolicyKit/user-pu1.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/polkit-1/user-pu1.auths", 0644, test_pu1_run, sizeof (test_pu1_run) - 1)) goto out; - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu1.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/polkit-1/user-pu1.auths", 0644, test_pu1_lib, sizeof (test_pu1_lib) - 1)) goto out; - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/PolicyKit/user-pu2.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/polkit-1/user-pu2.auths", 0644, test_pu2_run, sizeof (test_pu2_run) - 1)) goto out; - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu2.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/polkit-1/user-pu2.auths", 0644, test_pu2_lib, sizeof (test_pu2_lib) - 1)) goto out; - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/PolicyKit/user-pu3.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/polkit-1/user-pu3.auths", 0644, test_pu3_run, strlen (test_pu3_run))) goto out; - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu3.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/polkit-1/user-pu3.auths", 0644, test_pu3_lib, sizeof (test_pu3_lib) - 1)) goto out; @@ -1320,6 +1320,11 @@ _run_test (void) if (polkit_authorization_db_is_caller_authorized (adb, action, caller, FALSE, &is_auth, &is_neg, &error)) { kit_assert (! polkit_error_is_set (error) && !is_auth && !is_neg); } else { + kit_warning ("%p: %d: %s: %s", + error, + polkit_error_get_error_code (error), + polkit_error_get_error_name (error), + polkit_error_get_error_message (error)); kit_assert (polkit_error_is_set (error) && polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY); polkit_error_free (error); diff --git a/src/polkit/polkit-config.c b/src/polkit/polkit-config.c deleted file mode 100644 index 375615e..0000000 --- a/src/polkit/polkit-config.c +++ /dev/null @@ -1,786 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-config.h : Configuration file - * - * Copyright (C) 2007 David Zeuthen, - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - * - **************************************************************************/ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include "polkit-config.h" -#include "polkit-debug.h" -#include "polkit-error.h" -#include "polkit-private.h" -#include "polkit-test.h" - -/** - * SECTION:polkit-config - * @title: Configuration - * @short_description: Represents the system-wide /etc/PolicyKit/PolicyKit.conf file. - * - * This class is used to represent the /etc/PolicyKit/PolicyKit.conf - * configuration file. Applications using PolicyKit should never use - * this class; it's only here for integration with other PolicyKit - * components. - **/ - -enum { - STATE_NONE, - STATE_UNKNOWN_TAG, - STATE_IN_CONFIG, - STATE_IN_MATCH, - STATE_IN_RETURN, - STATE_IN_DEFINE_ADMIN_AUTH, -}; - -struct ConfigNode; -typedef struct ConfigNode ConfigNode; - -/** - * PolKitConfig: - * - * This class represents the system-wide configuration file for - * PolicyKit. Applications using PolicyKit should never use this - * class; it's only here for integration with other PolicyKit - * components. - **/ -struct _PolKitConfig -{ - int refcount; - ConfigNode *top_config_node; -}; - -#define PARSER_MAX_DEPTH 32 - -typedef struct { - XML_Parser parser; - int state; - PolKitConfig *pk_config; - const char *path; - - int state_stack[PARSER_MAX_DEPTH]; - ConfigNode *node_stack[PARSER_MAX_DEPTH]; - - int stack_depth; -} ParserData; - -enum { - NODE_TYPE_NOP, - NODE_TYPE_TOP, - NODE_TYPE_MATCH, - NODE_TYPE_RETURN, - NODE_TYPE_DEFINE_ADMIN_AUTH, -}; - -enum { - MATCH_TYPE_ACTION, - MATCH_TYPE_USER, -}; - -static const char * const match_names[] = -{ - "action", - "user", -}; - -static const char * const define_admin_auth_names[] = -{ - "user", - "group", -}; - -struct ConfigNode -{ - int node_type; - - union { - - struct { - int match_type; - char *data; - regex_t preq; - } node_match; - - struct { - PolKitResult result; - } node_return; - - struct { - PolKitConfigAdminAuthType admin_type; - char *data; - } node_define_admin_auth; - - } data; - - KitList *children; -}; - - -static ConfigNode * -config_node_new (void) -{ - ConfigNode *node; - node = kit_new0 (ConfigNode, 1); - return node; -} - -static void -config_node_dump_real (ConfigNode *node, unsigned int indent) -{ - KitList *i; - unsigned int n; - char buf[128]; - - for (n = 0; n < indent && n < sizeof (buf) - 1; n++) - buf[n] = ' '; - buf[n] = '\0'; - - switch (node->node_type) { - case NODE_TYPE_NOP: - polkit_debug ("%sNOP", buf); - break; - case NODE_TYPE_TOP: - polkit_debug ("%sTOP", buf); - break; - case NODE_TYPE_MATCH: - polkit_debug ("%sMATCH %s (%d) with '%s'", - buf, - match_names[node->data.node_match.match_type], - node->data.node_match.match_type, - node->data.node_match.data); - break; - case NODE_TYPE_RETURN: - polkit_debug ("%sRETURN %s (%d)", - buf, - polkit_result_to_string_representation (node->data.node_return.result), - node->data.node_return.result); - break; - case NODE_TYPE_DEFINE_ADMIN_AUTH: - polkit_debug ("%sDEFINE_ADMIN_AUTH %s (%d) with '%s'", - buf, - define_admin_auth_names[node->data.node_define_admin_auth.admin_type], - node->data.node_define_admin_auth.admin_type, - node->data.node_define_admin_auth.data); - break; - break; - } - - for (i = node->children; i != NULL; i = i->next) { - ConfigNode *child = i->data; - config_node_dump_real (child, indent + 2); - } -} - -static void -config_node_dump (ConfigNode *node) -{ - - config_node_dump_real (node, 0); -} - -static void -config_node_unref (ConfigNode *node) -{ - KitList *i; - - switch (node->node_type) { - case NODE_TYPE_NOP: - break; - case NODE_TYPE_TOP: - break; - case NODE_TYPE_MATCH: - kit_free (node->data.node_match.data); - regfree (&(node->data.node_match.preq)); - break; - case NODE_TYPE_RETURN: - break; - case NODE_TYPE_DEFINE_ADMIN_AUTH: - kit_free (node->data.node_define_admin_auth.data); - break; - } - - for (i = node->children; i != NULL; i = i->next) { - ConfigNode *child = i->data; - config_node_unref (child); - } - kit_list_free (node->children); - kit_free (node); -} - -static void -_start (void *data, const char *el, const char **attr) -{ - int state; - int num_attr; - ParserData *pd = data; - ConfigNode *node; - - polkit_debug ("_start for node '%s' (at depth=%d)", el, pd->stack_depth); - - for (num_attr = 0; attr[num_attr] != NULL; num_attr++) - ; - - state = STATE_NONE; - node = config_node_new (); - node->node_type = NODE_TYPE_NOP; - - switch (pd->state) { - case STATE_NONE: - if (strcmp (el, "config") == 0) { - state = STATE_IN_CONFIG; - polkit_debug ("parsed config node"); - - if (pd->pk_config->top_config_node != NULL) { - polkit_debug ("Multiple config nodes?"); - goto error; - } - - node->node_type = NODE_TYPE_TOP; - pd->pk_config->top_config_node = node; - } - break; - case STATE_IN_CONFIG: /* explicit fallthrough */ - case STATE_IN_MATCH: - if ((strcmp (el, "match") == 0) && (num_attr == 2)) { - - node->node_type = NODE_TYPE_MATCH; - if (strcmp (attr[0], "action") == 0) { - node->data.node_match.match_type = MATCH_TYPE_ACTION; - } else if (strcmp (attr[0], "user") == 0) { - node->data.node_match.match_type = MATCH_TYPE_USER; - } else { - polkit_debug ("Unknown match rule '%s'", attr[0]); - goto error; - } - - node->data.node_match.data = kit_strdup (attr[1]); - if (regcomp (&(node->data.node_match.preq), node->data.node_match.data, REG_NOSUB|REG_EXTENDED) != 0) { - polkit_debug ("Invalid expression '%s'", node->data.node_match.data); - goto error; - } - - state = STATE_IN_MATCH; - polkit_debug ("parsed match node ('%s' (%d) -> '%s')", - attr[0], - node->data.node_match.match_type, - node->data.node_match.data); - - } else if ((strcmp (el, "return") == 0) && (num_attr == 2)) { - - node->node_type = NODE_TYPE_RETURN; - - if (strcmp (attr[0], "result") == 0) { - PolKitResult r; - if (!polkit_result_from_string_representation (attr[1], &r)) { - polkit_debug ("Unknown return result '%s'", attr[1]); - goto error; - } - node->data.node_return.result = r; - } else { - polkit_debug ("Unknown return rule '%s'", attr[0]); - goto error; - } - - state = STATE_IN_RETURN; - polkit_debug ("parsed return node ('%s' (%d))", - attr[1], - node->data.node_return.result); - } else if ((strcmp (el, "define_admin_auth") == 0) && (num_attr == 2)) { - - node->node_type = NODE_TYPE_DEFINE_ADMIN_AUTH; - if (strcmp (attr[0], "user") == 0) { - node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER; - } else if (strcmp (attr[0], "group") == 0) { - node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP; - } else { - polkit_debug ("Unknown define_admin_auth rule '%s'", attr[0]); - goto error; - } - - node->data.node_define_admin_auth.data = kit_strdup (attr[1]); - - state = STATE_IN_DEFINE_ADMIN_AUTH; - polkit_debug ("parsed define_admin_auth node ('%s' (%d) -> '%s')", - attr[0], - node->data.node_define_admin_auth.admin_type, - node->data.node_define_admin_auth.data); - - - } - break; - } - - if (state == STATE_NONE || node == NULL) { - kit_warning ("skipping unknown tag <%s> at line %d of %s", - el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path); - state = STATE_UNKNOWN_TAG; - } - - if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) { - polkit_debug ("reached max depth?"); - goto error; - } - pd->state = state; - pd->state_stack[pd->stack_depth] = pd->state; - pd->node_stack[pd->stack_depth] = node; - - if (pd->stack_depth > 0) { - pd->node_stack[pd->stack_depth - 1]->children = - kit_list_append (pd->node_stack[pd->stack_depth - 1]->children, node); - } - - pd->stack_depth++; - polkit_debug ("now in state=%d (after _start, depth=%d)", pd->state, pd->stack_depth); - return; - -error: - if (node != NULL) { - config_node_unref (node); - } - XML_StopParser (pd->parser, FALSE); -} - -static void -_cdata (void *data, const char *s, int len) -{ -} - -static void -_end (void *data, const char *el) -{ - ParserData *pd = data; - - polkit_debug ("_end for node '%s' (at depth=%d)", el, pd->stack_depth); - - --pd->stack_depth; - if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) { - polkit_debug ("reached max depth?"); - goto error; - } - if (pd->stack_depth > 0) - pd->state = pd->state_stack[pd->stack_depth - 1]; - else - pd->state = STATE_NONE; - polkit_debug ("now in state=%d (after _end, depth=%d)", pd->state, pd->stack_depth); - return; -error: - XML_StopParser (pd->parser, FALSE); -} - -/** - * polkit_config_new: - * @path: Path to configuration, typically /etc/PolicyKit/PolicyKit.conf is passed. - * @error: return location for error - * - * Load and parse a PolicyKit configuration file. - * - * Returns: the configuration file object - **/ -PolKitConfig * -polkit_config_new (const char *path, PolKitError **error) -{ - ParserData pd; - int xml_res; - PolKitConfig *pk_config; - char *buf; - size_t buflen; - - /* load and parse the configuration file */ - pk_config = NULL; - - if (!kit_file_get_contents (path, &buf, &buflen)) { - polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID, - "Cannot load PolicyKit policy file at '%s': %m", - path); - goto error; - } - - pd.parser = XML_ParserCreate (NULL); - if (pd.parser == NULL) { - polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY, - "Cannot load PolicyKit policy file at '%s': %s", - path, - "No memory for parser"); - goto error; - } - XML_SetUserData (pd.parser, &pd); - XML_SetElementHandler (pd.parser, _start, _end); - XML_SetCharacterDataHandler (pd.parser, _cdata); - - pk_config = kit_new0 (PolKitConfig, 1); - pk_config->refcount = 1; - - pd.state = STATE_NONE; - pd.pk_config = pk_config; - pd.node_stack[0] = NULL; - pd.stack_depth = 0; - pd.path = path; - - xml_res = XML_Parse (pd.parser, buf, buflen, 1); - - if (xml_res == 0) { - polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID, - "%s:%d: parse error: %s", - path, - (int) XML_GetCurrentLineNumber (pd.parser), - XML_ErrorString (XML_GetErrorCode (pd.parser))); - - XML_ParserFree (pd.parser); - kit_free (buf); - goto error; - } - XML_ParserFree (pd.parser); - kit_free (buf); - - polkit_debug ("Loaded configuration file %s", path); - - if (pk_config->top_config_node != NULL) - config_node_dump (pk_config->top_config_node); - - return pk_config; - -error: - if (pk_config != NULL) - polkit_config_unref (pk_config); - return NULL; -} - -/** - * polkit_config_ref: - * @pk_config: the object - * - * Increase reference count. - * - * Returns: the object - **/ -PolKitConfig * -polkit_config_ref (PolKitConfig *pk_config) -{ - kit_return_val_if_fail (pk_config != NULL, pk_config); - pk_config->refcount++; - return pk_config; -} - -/** - * polkit_config_unref: - * @pk_config: the object - * - * Decreases the reference count of the object. If it becomes zero, - * the object is freed. Before freeing, reference counts on embedded - * objects are decresed by one. - **/ -void -polkit_config_unref (PolKitConfig *pk_config) -{ - kit_return_if_fail (pk_config != NULL); - pk_config->refcount--; - if (pk_config->refcount > 0) - return; - - if (pk_config->top_config_node != NULL) - config_node_unref (pk_config->top_config_node); - - kit_free (pk_config); -} - -static polkit_bool_t -config_node_match (ConfigNode *node, - PolKitAction *action, - PolKitCaller *caller, - PolKitSession *session) -{ - char *str; - char *str1; - char *str2; - uid_t uid; - polkit_bool_t match; - - match = FALSE; - str1 = NULL; - str2 = NULL; - switch (node->data.node_match.match_type) { - - case MATCH_TYPE_ACTION: - if (!polkit_action_get_action_id (action, &str)) - goto out; - str1 = kit_strdup (str); - break; - - case MATCH_TYPE_USER: - if (caller != NULL) { - if (!polkit_caller_get_uid (caller, &uid)) - goto out; - } else if (session != NULL) { - if (!polkit_session_get_uid (session, &uid)) - goto out; - } else - goto out; - - str1 = kit_strdup_printf ("%d", uid); - { - struct passwd pd; - struct passwd* pwdptr=&pd; - struct passwd* tempPwdPtr; - char pwdbuffer[256]; - int pwdlinelen = sizeof(pwdbuffer); - - if ((getpwuid_r (uid, pwdptr, pwdbuffer, pwdlinelen, &tempPwdPtr)) !=0 ) - goto out; - str2 = kit_strdup (pd.pw_name); - } - break; - } - - if (str1 != NULL) { - if (regexec (&(node->data.node_match.preq), str1, 0, NULL, 0) == 0) - match = TRUE; - } - if (!match && str2 != NULL) { - if (regexec (&(node->data.node_match.preq), str2, 0, NULL, 0) == 0) - match = TRUE; - } - -out: - kit_free (str1); - kit_free (str2); - return match; -} - - -/* exactly one of the parameters caller and session must be NULL */ -static PolKitResult -config_node_test (ConfigNode *node, - PolKitAction *action, - PolKitCaller *caller, - PolKitSession *session) -{ - polkit_bool_t recurse; - PolKitResult result; - - recurse = FALSE; - result = POLKIT_RESULT_UNKNOWN; - - switch (node->node_type) { - case NODE_TYPE_NOP: - recurse = FALSE; - break; - case NODE_TYPE_TOP: - recurse = TRUE; - break; - case NODE_TYPE_MATCH: - if (config_node_match (node, action, caller, session)) - recurse = TRUE; - break; - case NODE_TYPE_RETURN: - result = node->data.node_return.result; - break; - default: - break; - } - - if (recurse) { - KitList *i; - for (i = node->children; i != NULL; i = i->next) { - ConfigNode *child_node = i->data; - result = config_node_test (child_node, action, caller, session); - if (result != POLKIT_RESULT_UNKNOWN) { - goto out; - } - } - } - -out: - return result; -} - -/** - * polkit_config_can_session_do_action: - * @pk_config: the PolicyKit context - * @action: the type of access to check for - * @session: the session in question - * - * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file - * says that a given session can do a given action. - * - * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there - * was no match in the configuration file. - */ -PolKitResult -polkit_config_can_session_do_action (PolKitConfig *pk_config, - PolKitAction *action, - PolKitSession *session) -{ - PolKitResult result; - if (pk_config->top_config_node != NULL) - result = config_node_test (pk_config->top_config_node, action, NULL, session); - else - result = POLKIT_RESULT_UNKNOWN; - return result; -} - -/** - * polkit_config_can_caller_do_action: - * @pk_config: the PolicyKit context - * @action: the type of access to check for - * @caller: the caller in question - * - * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file - * says that a given caller can do a given action. - * - * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there - * was no match in the configuration file. - */ -PolKitResult -polkit_config_can_caller_do_action (PolKitConfig *pk_config, - PolKitAction *action, - PolKitCaller *caller) -{ - PolKitResult result; - if (pk_config->top_config_node != NULL) - result = config_node_test (pk_config->top_config_node, action, caller, NULL); - else - result = POLKIT_RESULT_UNKNOWN; - return result; -} - - -static polkit_bool_t -config_node_determine_admin_auth (ConfigNode *node, - PolKitAction *action, - PolKitCaller *caller, - PolKitConfigAdminAuthType *out_admin_auth_type, - const char **out_data) -{ - polkit_bool_t recurse; - polkit_bool_t result_set; - - recurse = FALSE; - result_set = FALSE; - - switch (node->node_type) { - case NODE_TYPE_NOP: - recurse = FALSE; - break; - case NODE_TYPE_TOP: - recurse = TRUE; - break; - case NODE_TYPE_MATCH: - if (config_node_match (node, action, caller, NULL)) - recurse = TRUE; - break; - case NODE_TYPE_DEFINE_ADMIN_AUTH: - if (out_admin_auth_type != NULL) - *out_admin_auth_type = node->data.node_define_admin_auth.admin_type; - if (out_data != NULL) - *out_data = node->data.node_define_admin_auth.data; - result_set = TRUE; - break; - default: - break; - } - - if (recurse) { - KitList *i; - for (i = node->children; i != NULL; i = i->next) { - ConfigNode *child_node = i->data; - - result_set = config_node_determine_admin_auth (child_node, - action, - caller, - out_admin_auth_type, - out_data) || result_set; - } - } - - return result_set; -} - -/** - * polkit_config_determine_admin_auth_type: - * @pk_config: the PolicyKit context - * @action: the type of access to check for - * @caller: the caller in question - * @out_admin_auth_type: return location for the authentication type - * @out_data: return location for the match value of the given - * authentication type. Caller shall not manipulate or free this - * string. - * - * Determine what "Authenticate as admin" means for a given caller and - * a given action. This basically returns the result of the - * "define_admin_auth" in the configuration file when drilling down - * for a specific caller / action. - * - * Returns: TRUE if value was returned - */ -polkit_bool_t -polkit_config_determine_admin_auth_type (PolKitConfig *pk_config, - PolKitAction *action, - PolKitCaller *caller, - PolKitConfigAdminAuthType *out_admin_auth_type, - const char **out_data) -{ - if (pk_config->top_config_node != NULL) { - return config_node_determine_admin_auth (pk_config->top_config_node, - action, - caller, - out_admin_auth_type, - out_data); - } else { - return FALSE; - } -} - -#ifdef POLKIT_BUILD_TESTS - -static polkit_bool_t -_run_test (void) -{ - return TRUE; -} - -KitTest _test_config = { - "polkit_config", - NULL, - NULL, - _run_test -}; - -#endif /* POLKIT_BUILD_TESTS */ diff --git a/src/polkit/polkit-config.h b/src/polkit/polkit-config.h deleted file mode 100644 index 6aa3862..0000000 --- a/src/polkit/polkit-config.h +++ /dev/null @@ -1,91 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-config.h : Configuration file - * - * Copyright (C) 2007 David Zeuthen, - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - * - **************************************************************************/ - -#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) -#error "Only can be included directly, this file may disappear or change contents." -#endif - -#ifndef POLKIT_CONFIG_H -#define POLKIT_CONFIG_H - -#include -#include -#include -#include -#include -#include -#include -#include - -POLKIT_BEGIN_DECLS - -struct _PolKitConfig; -typedef struct _PolKitConfig PolKitConfig; - -PolKitConfig *polkit_config_new (const char *path, PolKitError **error); -PolKitConfig *polkit_config_ref (PolKitConfig *pk_config); -void polkit_config_unref (PolKitConfig *pk_config); - -PolKitResult -polkit_config_can_session_do_action (PolKitConfig *pk_config, - PolKitAction *action, - PolKitSession *session); - -PolKitResult -polkit_config_can_caller_do_action (PolKitConfig *pk_config, - PolKitAction *action, - PolKitCaller *caller); - -/** - * PolKitConfigAdminAuthType: - * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER: Authentication as - * administrator matches one or more users - * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP: Authentication as - * administrator matches users from one or more groups - * - * This enumeration reflects results defined in the - * "define_admin_auth" configuration element. - */ -typedef enum -{ - POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER, - POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP -} PolKitConfigAdminAuthType; - -polkit_bool_t polkit_config_determine_admin_auth_type (PolKitConfig *pk_config, - PolKitAction *action, - PolKitCaller *caller, - PolKitConfigAdminAuthType *out_admin_auth_type, - const char **out_data); - -POLKIT_END_DECLS - -#endif /* POLKIT_CONFIG_H */ - - diff --git a/src/polkit/polkit-context.c b/src/polkit/polkit-context.c index 14d08f0..1417b77 100644 --- a/src/polkit/polkit-context.c +++ b/src/polkit/polkit-context.c @@ -53,7 +53,6 @@ #endif #include -#include "polkit-config.h" #include "polkit-debug.h" #include "polkit-context.h" #include "polkit-policy-cache.h" @@ -77,9 +76,9 @@ * decisions. Typically, it's used as a singleton: * * - * First, the Mechanism need to declare one or more PolicyKit Actions by dropping a .policy file into /usr/share/PolicyKit/policy. This is described in the PolicyKit specification. + * First, the Mechanism need to declare one or more PolicyKit Actions by dropping a .policy file into /usr/share/polkit-1/actions. This is described in the PolicyKit specification. * The mechanism starts up and uses polkit_context_new() to create a new context - * If the mechanism is a long running daemon, it should use polkit_context_set_config_changed() to register a callback when configuration changes. This is useful if, for example, the mechanism needs to revise decisions based on earlier answers from libpolkit. For example, a daemon that manages permissions on /dev may want to add/remove ACL's when configuration changes; for example, the system administrator could have changed the PolicyKit configuration file /etc/PolicyKit/PolicyKit.conf such that some user is now privileged to access a specific device. + * If the mechanism is a long running daemon, it should use polkit_context_set_config_changed() to register a callback when configuration changes. This is useful if, for example, the mechanism needs to revise decisions based on earlier answers from libpolkit. For example, a daemon that manages permissions on /dev may want to add/remove ACL's when configuration changes. * If polkit_context_set_config_changed() is used, the mechanism must also use polkit_context_set_io_watch_functions() to integrate libpolkit into the mainloop. * The mechanism needs to call polkit_context_init() such that libpolkit can load configuration files and properly initialize. * Whenever the mechanism needs to make a decision whether a caller is allowed to make a perform some action, the mechanism prepares a #PolKitAction and #PolKitCaller object (or #PolKitSession if applicable) and calls polkit_context_can_caller_do_action() (or polkit_context_can_session_do_action() if applicable). The mechanism may use the libpolkit-dbus library (specifically the polkit_caller_new_from_dbus_name() or polkit_caller_new_from_pid() functions) but may opt, for performance reasons, to construct #PolKitCaller (or #PolKitSession if applicable) from it's own cache of information. @@ -111,8 +110,6 @@ struct _PolKitContext PolKitPolicyCache *priv_cache; - PolKitConfig *config; - PolKitAuthorizationDB *authdb; polkit_bool_t load_descriptions; @@ -120,13 +117,11 @@ struct _PolKitContext #ifdef HAVE_INOTIFY int inotify_fd; int inotify_fd_watch_id; - int inotify_config_wd; int inotify_policy_wd; int inotify_grant_perm_wd; #elif HAVE_KQUEUE int kqueue_fd; int kqueue_fd_watch_id; - int kqueue_config_fd; int kqueue_policy_fd; int kqueue_grant_perm_fd; #endif @@ -156,7 +151,7 @@ polkit_context_new (void) * @error: return location for error * * Initializes a new context; loads PolicyKit files from - * /usr/share/PolicyKit/policy. + * /usr/share/polkit-1/actions. * * Returns: #FALSE if @error was set, otherwise #TRUE **/ @@ -169,7 +164,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) kit_return_val_if_fail (pk_context != NULL, FALSE); - pk_context->policy_dir = kit_strdup (PACKAGE_DATA_DIR "/PolicyKit/policy"); + pk_context->policy_dir = kit_strdup (PACKAGE_DATA_DIR "/polkit-1/actions"); polkit_debug ("Using policy files from directory %s", pk_context->policy_dir); /* NOTE: we don't populate the cache until it's needed.. */ @@ -185,35 +180,24 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) goto error; } - /* Watch the /etc/PolicyKit/PolicyKit.conf file */ - pk_context->inotify_config_wd = port_add_watch (pk_context->inotify_fd, - PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", - FILE_MODIFIED | FILE_ATTRIB); - if (pk_context->inotify_config_wd < 0) { - polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s", - strerror (errno)); - /* TODO: set error */ - goto error; - } - - /* Watch the /usr/share/PolicyKit/policy directory */ + /* Watch the /usr/share/polkit-1/actions directory */ pk_context->inotify_policy_wd = port_add_watch (pk_context->inotify_fd, - PACKAGE_DATA_DIR "/PolicyKit/policy", + PACKAGE_DATA_DIR "/polkit-1/actions", FILE_MODIFIED | FILE_ATTRIB); if (pk_context->inotify_policy_wd < 0) { - polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s", + polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s", strerror (errno)); /* TODO: set error */ goto error; } #ifdef POLKIT_AUTHDB_DEFAULT - /* Watch the /var/lib/misc/PolicyKit.reload file */ + /* Watch the /var/lib/misc/polkit-1.reload file */ pk_context->inotify_grant_perm_wd = port_add_watch (pk_context->inotify_fd, - PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", + PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", FILE_MODIFIED | FILE_ATTRIB); if (pk_context->inotify_grant_perm_wd < 0) { - polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s", + polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s", strerror (errno)); /* TODO: set error */ goto error; @@ -236,31 +220,10 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) goto error; } - /* Watch the /etc/PolicyKit/PolicyKit.conf file */ - pk_context->kqueue_config_fd = open (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", O_RDONLY); - if (pk_context->kqueue_config_fd < 0) { - polkit_debug ("failed '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf' for reading: %s", - strerror (errno)); - /* TODO: set error */ - goto error; - } - - EV_SET (&ev, pk_context->kqueue_config_fd, EVFILT_VNODE, - EV_ADD | EV_ENABLE | EV_CLEAR, - NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME, - 0, 0); - if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) { - polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s", - strerror (errno)); - close (pk_context->kqueue_config_fd); - /* TODO: set error */ - goto error; - } - - /* Watch the /usr/share/PolicyKit/policy directory */ - pk_context->kqueue_policy_fd = open (PACKAGE_DATA_DIR "/PolicyKit/policy", O_RDONLY); + /* Watch the /usr/share/polkit-1/actions directory */ + pk_context->kqueue_policy_fd = open (PACKAGE_DATA_DIR "/polkit-1/actions", O_RDONLY); if (pk_context->kqueue_policy_fd < 0) { - polkit_debug ("failed to open '" PACKAGE_DATA_DIR "/PolicyKit/policy for reading: %s", + polkit_debug ("failed to open '" PACKAGE_DATA_DIR "/polkit-1/actions for reading: %s", strerror (errno)); /* TODO: set error */ goto error; @@ -271,7 +234,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME, 0, 0); if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) { - polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s", + polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s", strerror (errno)); close (pk_context->kqueue_policy_fd); /* TODO: set error */ @@ -279,10 +242,10 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) } #ifdef POLKIT_AUTHDB_DEFAULT - /* Watch the /var/lib/misc/PolicyKit.reload file */ - pk_context->kqueue_grant_perm_fd = open (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", O_RDONLY); + /* Watch the /var/lib/misc/polkit-1.reload file */ + pk_context->kqueue_grant_perm_fd = open (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", O_RDONLY); if (pk_context->kqueue_grant_perm_fd < 0) { - polkit_debug ("failed to open '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload' for reading: %s", + polkit_debug ("failed to open '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload' for reading: %s", strerror (errno)); /* TODO: set error */ goto error; @@ -293,7 +256,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME | NOTE_ATTRIB, 0, 0); if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) { - polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s", + polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s", strerror (errno)); close (pk_context->kqueue_grant_perm_fd); /* TODO: set error */ @@ -317,35 +280,24 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) goto error; } - /* Watch the /etc/PolicyKit/PolicyKit.conf file */ - pk_context->inotify_config_wd = inotify_add_watch (pk_context->inotify_fd, - PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", - IN_MODIFY | IN_CREATE | IN_ATTRIB); - if (pk_context->inotify_config_wd < 0) { - polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s", - strerror (errno)); - /* TODO: set error */ - goto error; - } - - /* Watch the /usr/share/PolicyKit/policy directory */ + /* Watch the /usr/share/polkit-1/actions directory */ pk_context->inotify_policy_wd = inotify_add_watch (pk_context->inotify_fd, - PACKAGE_DATA_DIR "/PolicyKit/policy", + PACKAGE_DATA_DIR "/polkit-1/actions", IN_MODIFY | IN_CREATE | IN_DELETE | IN_ATTRIB); if (pk_context->inotify_policy_wd < 0) { - polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s", + polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s", strerror (errno)); /* TODO: set error */ goto error; } #ifdef POLKIT_AUTHDB_DEFAULT - /* Watch the /var/lib/misc/PolicyKit.reload file */ + /* Watch the /var/lib/misc/polkit-1.reload file */ pk_context->inotify_grant_perm_wd = inotify_add_watch (pk_context->inotify_fd, - PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", + PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", IN_MODIFY | IN_CREATE | IN_ATTRIB); if (pk_context->inotify_grant_perm_wd < 0) { - polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s", + polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s", strerror (errno)); /* TODO: set error */ goto error; @@ -637,13 +589,7 @@ polkit_context_force_reload (PolKitContext *pk_context) polkit_policy_cache_unref (pk_context->priv_cache); pk_context->priv_cache = NULL; } - - /* Purge existing old config file */ - polkit_debug ("purging configuration file"); - if (pk_context->config != NULL) { - polkit_config_unref (pk_context->config); - pk_context->config = NULL; - } + /* Purge authorization entries from the cache */ _polkit_authorization_db_invalidate_cache (pk_context->authdb); @@ -744,21 +690,14 @@ polkit_context_is_session_authorized (PolKitContext *pk_context, PolKitError **error) { PolKitPolicyCache *cache; - PolKitResult result_from_config; PolKitResult result_from_grantdb; polkit_bool_t from_authdb; polkit_bool_t from_authdb_negative; PolKitResult result; - PolKitConfig *config; result = POLKIT_RESULT_NO; kit_return_val_if_fail (pk_context != NULL, result); - config = polkit_context_get_config (pk_context, NULL); - /* if the configuration file is malformed, always say no */ - if (config == NULL) - goto out; - if (action == NULL || session == NULL) goto out; @@ -772,8 +711,6 @@ polkit_context_is_session_authorized (PolKitContext *pk_context, if (cache == NULL) goto out; - result_from_config = polkit_config_can_session_do_action (config, action, session); - result_from_grantdb = POLKIT_RESULT_UNKNOWN; from_authdb_negative = FALSE; if (polkit_authorization_db_is_session_authorized (pk_context->authdb, @@ -786,28 +723,6 @@ polkit_context_is_session_authorized (PolKitContext *pk_context, result_from_grantdb = POLKIT_RESULT_YES; } - /* Fist, the config file is authoritative.. so only use the - * value from the authdb if the config file allows to gain via - * authentication - */ - if (result_from_config != POLKIT_RESULT_UNKNOWN) { - /* it does.. use it.. although try to use an existing grant if there is one */ - if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) && - result_from_grantdb == POLKIT_RESULT_YES) { - result = POLKIT_RESULT_YES; - } else { - result = result_from_config; - } - goto found; - } - /* If we have a positive answer from the authdb, use it */ if (result_from_grantdb == POLKIT_RESULT_YES) { result = POLKIT_RESULT_YES; @@ -884,20 +799,13 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context, { PolKitPolicyCache *cache; PolKitResult result; - PolKitResult result_from_config; PolKitResult result_from_grantdb; - PolKitConfig *config; polkit_bool_t from_authdb; polkit_bool_t from_authdb_negative; result = POLKIT_RESULT_NO; kit_return_val_if_fail (pk_context != NULL, result); - /* if the configuration file is malformed, always say no */ - config = polkit_context_get_config (pk_context, NULL); - if (config == NULL) - goto out; - if (action == NULL || caller == NULL) goto out; @@ -911,8 +819,6 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context, if (!polkit_caller_validate (caller)) goto out; - result_from_config = polkit_config_can_caller_do_action (config, action, caller); - result_from_grantdb = POLKIT_RESULT_UNKNOWN; from_authdb_negative = FALSE; if (polkit_authorization_db_is_caller_authorized (pk_context->authdb, @@ -926,28 +832,6 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context, result_from_grantdb = POLKIT_RESULT_YES; } - /* Fist, the config file is authoritative.. so only use the - * value from the authdb if the config file allows to gain via - * authentication - */ - if (result_from_config != POLKIT_RESULT_UNKNOWN) { - /* it does.. use it.. although try to use an existing grant if there is one */ - if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) && - result_from_grantdb == POLKIT_RESULT_YES) { - result = POLKIT_RESULT_YES; - } else { - result = result_from_config; - } - goto found; - } - /* If we have a positive answer from the authdb, use it */ if (result_from_grantdb == POLKIT_RESULT_YES) { result = POLKIT_RESULT_YES; @@ -1024,45 +908,6 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context, return polkit_context_is_caller_authorized (pk_context, action, caller, FALSE, NULL); } -/** - * polkit_context_get_config: - * @pk_context: the PolicyKit context - * @error: Return location for error - * - * Returns an object that provides access to the - * /etc/PolicyKit/PolicyKit.conf configuration files. Applications - * using PolicyKit should never use this method; it's only here for - * integration with other PolicyKit components. - * - * Returns: A #PolKitConfig object or NULL if the configuration file - * is malformed. Caller should not unref this object. - */ -PolKitConfig * -polkit_context_get_config (PolKitContext *pk_context, PolKitError **error) -{ - if (pk_context->config == NULL) { - PolKitError **pk_error; - PolKitError *pk_error2; - - pk_error2 = NULL; - if (error != NULL) - pk_error = error; - else - pk_error = &pk_error2; - - polkit_debug ("loading configuration file"); - pk_context->config = polkit_config_new (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", pk_error); - /* if configuration file was bad, log it */ - if (pk_context->config == NULL) { - kit_warning ("failed to load configuration file: %s", - polkit_error_get_error_message (*pk_error)); - if (pk_error == &pk_error2) - polkit_error_free (*pk_error); - } - } - return pk_context->config; -} - /** * polkit_context_get_authorization_db: * @pk_context: the PolicyKit context diff --git a/src/polkit/polkit-context.h b/src/polkit/polkit-context.h index 7f85db3..9c90a9c 100644 --- a/src/polkit/polkit-context.h +++ b/src/polkit/polkit-context.h @@ -43,7 +43,6 @@ #include #include #include -#include #include POLKIT_BEGIN_DECLS @@ -174,8 +173,6 @@ PolKitResult polkit_context_can_caller_do_action (PolKitContext *pk_contex PolKitAction *action, PolKitCaller *caller); -PolKitConfig *polkit_context_get_config (PolKitContext *pk_context, PolKitError **error); - PolKitResult polkit_context_is_caller_authorized (PolKitContext *pk_context, PolKitAction *action, PolKitCaller *caller, diff --git a/src/polkit/polkit-policy-cache.c b/src/polkit/polkit-policy-cache.c index d5e3218..1378759 100644 --- a/src/polkit/polkit-policy-cache.c +++ b/src/polkit/polkit-policy-cache.c @@ -277,7 +277,7 @@ polkit_policy_cache_debug (PolKitPolicyCache *policy_cache) * * Given a action identifier, find the object describing the * definition of the policy; e.g. data stemming from files in - * /usr/share/PolicyKit/policy. + * /usr/share/polkit-1/actions. * * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise * #NULL if the action wasn't identified. Caller shall not unref @@ -318,7 +318,7 @@ out: * * Given a action, find the object describing the definition of the * policy; e.g. data stemming from files in - * /usr/share/PolicyKit/policy. + * /usr/share/polkit-1/actions. * * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise * #NULL if the action wasn't identified. Caller shall not unref diff --git a/src/polkit/polkit-policy-file-entry.c b/src/polkit/polkit-policy-file-entry.c index a9be4f6..0432d48 100644 --- a/src/polkit/polkit-policy-file-entry.c +++ b/src/polkit/polkit-policy-file-entry.c @@ -140,7 +140,7 @@ _polkit_policy_file_entry_new (const char *action_id, #ifdef POLKIT_AUTHDB_DEFAULT /* read override file */ - path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id); + path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id); if (path == NULL) goto error; if (!kit_file_get_contents (path, &contents, &contents_size)) { @@ -482,7 +482,7 @@ polkit_policy_file_entry_set_default (PolKitPolicyFileEntry *policy_file_entry, #ifndef POLKIT_AUTHDB_DEFAULT polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported"); #else - char *helper_argv[7] = {PACKAGE_LIBEXEC_DIR "/polkit-set-default-helper", + char *helper_argv[7] = {PACKAGE_LIBEXEC_DIR "/polkit-set-default-helper-1", NULL, /* arg1: action_id */ NULL, /* arg2: "clear" or "set" */ NULL, /* arg3: result_any */ diff --git a/src/polkit-dbus/polkit-read-auth-helper.c b/src/polkit/polkit-read-auth-helper.c similarity index 97% rename from src/polkit-dbus/polkit-read-auth-helper.c rename to src/polkit/polkit-read-auth-helper.c index cdcc7f3..65ca8b7 100644 --- a/src/polkit-dbus/polkit-read-auth-helper.c +++ b/src/polkit/polkit-read-auth-helper.c @@ -54,7 +54,7 @@ #define LOG_AUTHPRIV (10<<3) #endif -#include +#include #include static polkit_bool_t @@ -306,7 +306,7 @@ main (int argc, char *argv[]) setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); #endif - openlog ("polkit-read-auth-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-read-auth-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 2) { @@ -391,12 +391,12 @@ skip_check: if ((test_dir = getenv ("POLKIT_TEST_LOCALSTATE_DIR")) == NULL) { test_dir = PACKAGE_LOCALSTATE_DIR; } - kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/PolicyKit", test_dir) < sizeof (dir_run)); - kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/PolicyKit", test_dir) < sizeof (dir_lib)); + kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/polkit-1", test_dir) < sizeof (dir_run)); + kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/polkit-1", test_dir) < sizeof (dir_lib)); #else - char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit"; - char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit"; + char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/polkit-1"; + char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1"; #endif if (requesting_info_for_uid == (uid_t) -1) { diff --git a/src/polkit-dbus/polkit-resolve-exe-helper.c b/src/polkit/polkit-resolve-exe-helper.c similarity index 98% rename from src/polkit-dbus/polkit-resolve-exe-helper.c rename to src/polkit/polkit-resolve-exe-helper.c index c56b2f5..36dc018 100644 --- a/src/polkit-dbus/polkit-resolve-exe-helper.c +++ b/src/polkit/polkit-resolve-exe-helper.c @@ -53,7 +53,7 @@ #include #include -#include +#include #include #ifdef HAVE_SOLARIS @@ -84,7 +84,7 @@ main (int argc, char *argv[]) /* set a minimal environment */ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); - openlog ("polkit-resolve-exe-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-resolve-exe-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 2) { diff --git a/src/polkit-dbus/polkit-set-default-helper.c b/src/polkit/polkit-set-default-helper.c similarity index 92% rename from src/polkit-dbus/polkit-set-default-helper.c rename to src/polkit/polkit-set-default-helper.c index c903dbd..eb1fb9d 100644 --- a/src/polkit-dbus/polkit-set-default-helper.c +++ b/src/polkit/polkit-set-default-helper.c @@ -51,8 +51,8 @@ #include #include +#include #include -#include #ifdef HAVE_SOLARIS #define LOG_AUTHPRIV (10<<3) @@ -69,7 +69,7 @@ set_default (const char *action_id, const char *any, const char *inactive, const contents = NULL; ret = FALSE; - path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id); + path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id); if (path == NULL) goto out; @@ -101,7 +101,7 @@ clear_default (const char *action_id) ret = FALSE; - path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id); + path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id); if (path == NULL) goto out; @@ -133,7 +133,7 @@ main (int argc, char *argv[]) /* set a minimal environment */ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); - openlog ("polkit-set-default-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-set-default-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (! (argc == 3 || argc == 6)) { @@ -214,9 +214,9 @@ main (int argc, char *argv[]) } /* trigger a reload */ - if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) { + if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", NULL) != 0) { kit_warning ("Error updating access+modification time on file '%s': %m\n", - PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload"); + PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload"); } ret = 0; diff --git a/src/polkit-dbus/polkit-simple.c b/src/polkit/polkit-simple.c similarity index 99% rename from src/polkit-dbus/polkit-simple.c rename to src/polkit/polkit-simple.c index 8365b93..abdcdfe 100644 --- a/src/polkit-dbus/polkit-simple.c +++ b/src/polkit/polkit-simple.c @@ -53,8 +53,6 @@ #include #include "polkit-simple.h" -#include "polkit-dbus.h" - /** * polkit_check_auth: diff --git a/src/polkit-dbus/polkit-simple.h b/src/polkit/polkit-simple.h similarity index 93% rename from src/polkit-dbus/polkit-simple.h rename to src/polkit/polkit-simple.h index 3c59314..1cf9753 100644 --- a/src/polkit-dbus/polkit-simple.h +++ b/src/polkit/polkit-simple.h @@ -27,14 +27,14 @@ * **************************************************************************/ -#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_DBUS_H) -#error "Only can be included directly, this file may disappear or change contents." +#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." #endif #ifndef POLKIT_SIMPLE_H #define POLKIT_SIMPLE_H -#include +#include POLKIT_BEGIN_DECLS diff --git a/src/polkit/polkit-sysdeps.c b/src/polkit/polkit-sysdeps.c index fe0fc6f..ad8b7a0 100644 --- a/src/polkit/polkit-sysdeps.c +++ b/src/polkit/polkit-sysdeps.c @@ -320,7 +320,7 @@ polkit_sysdeps_get_exe_for_pid_with_helper (pid_t pid, char *out_buf, size_t buf ret = polkit_sysdeps_get_exe_for_pid (pid, out_buf, buf_size); if (ret == -1) { char buf[32]; - char *helper_argv[3] = {PACKAGE_LIBEXEC_DIR "/polkit-resolve-exe-helper", buf, NULL}; + char *helper_argv[3] = {PACKAGE_LIBEXEC_DIR "/polkit-resolve-exe-helper-1", buf, NULL}; char *standard_output; int exit_status; diff --git a/src/polkit/polkit-test.c b/src/polkit/polkit-test.c index 10ae84b..927339c 100644 --- a/src/polkit/polkit-test.c +++ b/src/polkit/polkit-test.c @@ -57,7 +57,6 @@ static KitTest *tests[] = { &_test_authorization_constraint, &_test_authorization, &_test_authorization_db, - &_test_config, &_test_sysdeps, &_test_utils, &_test_context, diff --git a/src/polkit/polkit-test.h b/src/polkit/polkit-test.h index c1656cd..056b3dc 100644 --- a/src/polkit/polkit-test.h +++ b/src/polkit/polkit-test.h @@ -52,7 +52,6 @@ extern KitTest _test_policy_cache; extern KitTest _test_authorization_constraint; extern KitTest _test_authorization; extern KitTest _test_authorization_db; -extern KitTest _test_config; extern KitTest _test_sysdeps; extern KitTest _test_utils; extern KitTest _test_context; diff --git a/src/polkit-dbus/polkit-dbus.c b/src/polkit/polkit-tracker.c similarity index 99% rename from src/polkit-dbus/polkit-dbus.c rename to src/polkit/polkit-tracker.c index f7be03f..0dad442 100644 --- a/src/polkit-dbus/polkit-dbus.c +++ b/src/polkit/polkit-tracker.c @@ -1,8 +1,7 @@ /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ /*************************************************************************** * - * polkit-dbus.h : helper library for obtaining seat, session and - * caller information via D-Bus and ConsoleKit + * polkit-tracker.c : track callers * * Copyright (C) 2007 David Zeuthen, * @@ -28,15 +27,32 @@ * **************************************************************************/ +#ifdef HAVE_CONFIG_H +# include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "polkit-debug.h" +#include "polkit-tracker.h" + /** - * SECTION:polkit-dbus - * @title: Caller Determination + * SECTION:polkit-tracker + * @title: Track callers * @short_description: Obtaining seat, session and caller information * via D-Bus and ConsoleKit. * - * Helper library for obtaining seat, session and caller information + * Helper class for obtaining seat, session and caller information * via D-Bus and ConsoleKit. This library is only useful when writing - * a mechanism. + * a mechanism. * * If the mechanism itself is a daemon exposing a remote services via * the system message bus it's often a better idea, to reduce @@ -44,7 +60,6 @@ * the low-level functions polkit_caller_new_from_dbus_name() and * polkit_caller_new_from_pid(). * - * These functions are in libpolkit-dbus. **/ #ifdef HAVE_CONFIG_H @@ -66,10 +81,10 @@ #include #endif -#include "polkit-dbus.h" #include #include #include +#include "polkit-tracker.h" /** * polkit_session_new_from_objpath: @@ -1523,7 +1538,7 @@ polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusEr * * Since: 0.7 */ -polkit_bool_t +polkit_bool_t polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error) { @@ -1539,20 +1554,3 @@ polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAutho */ return _polkit_is_authorization_relevant_internal (pk_tracker->con, auth, NULL, error); } - -#ifdef POLKIT_BUILD_TESTS - -static polkit_bool_t -_run_test (void) -{ - return TRUE; -} - -KitTest _test_polkit_dbus = { - "polkit_dbus", - NULL, - NULL, - _run_test -}; - -#endif /* POLKIT_BUILD_TESTS */ diff --git a/src/polkit-dbus/polkit-dbus.h b/src/polkit/polkit-tracker.h similarity index 85% rename from src/polkit-dbus/polkit-dbus.h rename to src/polkit/polkit-tracker.h index 75879fa..f994129 100644 --- a/src/polkit-dbus/polkit-dbus.h +++ b/src/polkit/polkit-tracker.h @@ -1,8 +1,7 @@ /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ /*************************************************************************** * - * polkit-dbus.h : helper library for obtaining seat, session and - * caller information via D-Bus and ConsoleKit + * polkit-tracker.h : track callers * * Copyright (C) 2007 David Zeuthen, * @@ -28,15 +27,16 @@ * **************************************************************************/ -#ifndef POLKIT_DBUS_H -#define POLKIT_DBUS_H +#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif -#include -#include +#ifndef POLKIT_TRACKER_H +#define POLKIT_TRACKER_H -#define _POLKIT_INSIDE_POLKIT_DBUS_H 1 -#include -#undef _POLKIT_INSIDE_POLKIT_DBUS_H +#include +#include +#include POLKIT_BEGIN_DECLS @@ -49,7 +49,6 @@ PolKitCaller *polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBus polkit_bool_t polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error); - struct _PolKitTracker; typedef struct _PolKitTracker PolKitTracker; @@ -58,15 +57,14 @@ PolKitTracker *polkit_tracker_ref (PolKitTracker *pk_trac void polkit_tracker_unref (PolKitTracker *pk_tracker); void polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con); void polkit_tracker_init (PolKitTracker *pk_tracker); - polkit_bool_t polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message); - PolKitCaller *polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error); - PolKitCaller *polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error); - -polkit_bool_t polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error); +polkit_bool_t +polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error); POLKIT_END_DECLS -#endif /* POLKIT_DBUS_H */ +#endif /* POLKIT_ACTION_H */ + + diff --git a/src/polkit/polkit.h b/src/polkit/polkit.h index aa0ab8f..884fc41 100644 --- a/src/polkit/polkit.h +++ b/src/polkit/polkit.h @@ -44,9 +44,10 @@ #include #include #include -#include #include #include +#include +#include #undef _POLKIT_INSIDE_POLKIT_H #endif /* POLKIT_H */ diff --git a/test/authdb-test/lib/PolicyKit/.gitignore b/test/authdb-test/lib/polkit-1/.gitignore similarity index 100% rename from test/authdb-test/lib/PolicyKit/.gitignore rename to test/authdb-test/lib/polkit-1/.gitignore diff --git a/test/authdb-test/run/PolicyKit/.gitignore b/test/authdb-test/run/polkit-1/.gitignore similarity index 100% rename from test/authdb-test/run/PolicyKit/.gitignore rename to test/authdb-test/run/polkit-1/.gitignore diff --git a/tools/Makefile.am b/tools/Makefile.am index 3f0a200..195f832 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -11,22 +11,19 @@ INCLUDES = \ @GLIB_CFLAGS@ \ @DBUS_CFLAGS@ -bin_PROGRAMS = polkit-config-file-validate polkit-policy-file-validate polkit-action polkit-auth +bin_PROGRAMS = polkit-policy-file-validate-1 polkit-action-1 polkit-auth-1 -polkit_config_file_validate_SOURCES = polkit-config-file-validate.c -polkit_config_file_validate_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la +polkit_policy_file_validate_1_SOURCES = polkit-policy-file-validate.c +polkit_policy_file_validate_1_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la -polkit_policy_file_validate_SOURCES = polkit-policy-file-validate.c -polkit_policy_file_validate_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la +polkit_auth_1_SOURCES = polkit-auth.c +polkit_auth_1_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit-1.la $(top_builddir)/src/polkit-grant/libpolkit-grant-1.la -polkit_auth_SOURCES = polkit-auth.c -polkit_auth_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la - -polkit_action_SOURCES = polkit-action.c -polkit_action_LDADD = $(top_builddir)/src/polkit/libpolkit.la +polkit_action_1_SOURCES = polkit-action.c +polkit_action_1_LDADD = $(top_builddir)/src/polkit/libpolkit-1.la profiledir = $(sysconfdir)/profile.d -profile_SCRIPTS = polkit-bash-completion.sh +profile_SCRIPTS = polkit-bash-completion-1.sh EXTRA_DIST = $(profile_SCRIPTS) diff --git a/tools/polkit-auth.c b/tools/polkit-auth.c index 001298e..a22f418 100644 --- a/tools/polkit-auth.c +++ b/tools/polkit-auth.c @@ -46,7 +46,7 @@ #include #include -#include +#include #include #include diff --git a/tools/polkit-bash-completion.sh b/tools/polkit-bash-completion-1.sh similarity index 83% rename from tools/polkit-bash-completion.sh rename to tools/polkit-bash-completion-1.sh index 37e5ee1..4d67fe3 100644 --- a/tools/polkit-bash-completion.sh +++ b/tools/polkit-bash-completion-1.sh @@ -4,7 +4,7 @@ #################################################################################################### -__polkit_auth() { +__polkit_auth_1() { local IFS=$'\n' local cur="${COMP_WORDS[COMP_CWORD]}" @@ -15,13 +15,13 @@ __polkit_auth() { 2) case "${COMP_WORDS[1]}" in --obtain) - COMPREPLY=($(compgen -W "$(polkit-auth --show-obtainable)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-auth-1 --show-obtainable)" -- $cur)) ;; --revoke) - COMPREPLY=($(compgen -W "$(polkit-auth --explicit)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-auth-1 --explicit)" -- $cur)) ;; --grant|--block) - COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur)) ;; --user) COMPREPLY=($(compgen -u -- $cur)) @@ -45,20 +45,20 @@ __polkit_auth() { --user) local afou # we may not be authorized to read the explicit auths for the given user.. - afou=$(polkit-auth --user ${COMP_WORDS[2]} --explicit 2> /dev/null) + afou=$(polkit-auth-1 --user ${COMP_WORDS[2]} --explicit 2> /dev/null) if [ $? != 0 ] ; then # .. so if that fails, fall back to showing all actions - afou=$(polkit-action) + afou=$(polkit-action-1) fi COMPREPLY=($(compgen -W "$afou" -- $cur)) ;; *) - COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur)) ;; esac ;; --grant|--block) - COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur)) ;; --constraint) COMPREPLY=($(IFS=: compgen -S' ' -W "local:active:exe\::selinux_context\:" -- $cur)) @@ -92,7 +92,7 @@ __polkit_auth() { #################################################################################################### -__polkit_action() { +__polkit_action_1() { local IFS=$'\n' local cur="${COMP_WORDS[COMP_CWORD]}" @@ -103,10 +103,10 @@ __polkit_action() { 2) case "${COMP_WORDS[1]}" in --action|--set-defaults-any|--set-defaults-inactive|--set-defaults-active) - COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur)) ;; --reset-defaults) - COMPREPLY=($(compgen -W "$(polkit-action --show-overrides)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-action-1 --show-overrides)" -- $cur)) ;; esac ;; @@ -121,5 +121,5 @@ __polkit_action() { #################################################################################################### -complete -o nospace -F __polkit_auth polkit-auth -complete -o nospace -F __polkit_action polkit-action +complete -o nospace -F __polkit_auth_1 polkit-auth-1 +complete -o nospace -F __polkit_action_1 polkit-action-1 diff --git a/tools/polkit-config-file-validate.c b/tools/polkit-config-file-validate.c deleted file mode 100644 index 70f7f4b..0000000 --- a/tools/polkit-config-file-validate.c +++ /dev/null @@ -1,100 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-config-file-validate.c : validate configuration file - * - * Copyright (C) 2007 David Zeuthen, - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - * - **************************************************************************/ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -static void -usage (int argc, char *argv[]) -{ - execlp ("man", "man", "polkit-config-file-validate", NULL); - fprintf (stderr, "Cannot show man page: %m\n"); - exit (1); -} - -int -main (int argc, char *argv[]) -{ - int n; - int ret; - char *path; - PolKitConfig *config; - PolKitError *pk_error; - - ret = 1; - - path = NULL; - for (n = 1; n < argc; n++) { - if (strcmp (argv[n], "--help") == 0) { - usage (argc, argv); - ret = 0; - goto out; - } else if (strcmp (argv[n], "--version") == 0) { - printf ("polkit-config-file-validate " PACKAGE_VERSION "\n"); - ret = 0; - goto out; - } else { - if (path != NULL) { - usage (argc, argv); - goto out; - } - path = argv[n]; - } - } - - if (path == NULL) - path = PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf"; - - pk_error = NULL; - config = polkit_config_new (path, &pk_error); - if (config == NULL) { - printf ("Configuration file is malformed: %s\n", polkit_error_get_error_message (pk_error)); - polkit_error_free (pk_error); - goto out; - } - - ret = 0; - -out: - return ret; -} -- GitLab